SCCM Local Groups Created by ConfigMgr

SCCM Local Groups Created by ConfigMgr. ConfigMgr 2012 SP1 creates Windows Accounts, which are used for various functions.

When the SCCM client is fixed, the local group policy should be renewed with the SCCM/WSUS server setting for Windows Updates.

When Configuration Manager builds a group on a computer that’s a domain member, it’s a local security group. A domain controller is a domain local group shared among all domain controllers.

I’ve created a PDF file with the following details for each Windows group: Group Name, where the Group should be Located, Group Membership Details, Use of this group, and Permission Details of the Group.

Sign up to get the best of How To Manage Devices straight to your inbox!

SCCM Local Groups Created by ConfigMgr

Obviously, these details are in TechNet. Sometimes, it’s very difficult to find them. I’ve posted a Windows Local Groups comparison between 2007 and 2012 here.

• SCCM ConfigMgr 2012 Vs 2007 Comparing Windows Local Security Groups
• SCCM ConfigMgr Asset Intelligence Reports | Default Reports | Configuration Manager

List of SCCM Local Groups Created by ConfigMgr

SCCM Local Groups Created by ConfigMgr

1. ConfigMgr_CollectedFilesAccess: Configuration Manager uses this group to grant access to view files collected by software inventory.
2. ConfigMgr_DViewAccess: This group is a local security group created by CM12 on the site database server or database replica server.
3. ConfigMgr Remote Control Users: This group is used by Configuration Manager remote tools to store the accounts and groups that you configure in the permitted viewer list assigned to each client.
4. SMS Admin: The Configuration Manager uses this group to grant access to the SMS Provider through WMI. Access to the SMS Provider is required to view and modify objects in the Configuration Manager console.
5. SMS_SiteSystemToSiteServerConnection_MP_XXX: This group is used by Configuration Manager management points that are remote from the site server to connect to the site database. This group provides management point access to the inbox folders on the site server and the site database.
6. SMS_SiteSystemToSiteServerConnection_SMSProv_XXX: This group is used by Configuration Manager SMS Provider computers that are remote from the site server to connect to the site server.
7. SMS_SiteSystemToSiteServerConnection_Stat_XXX: This group is used by the File Dispatch Manager on Configuration Manager remote site system computers to connect to the site server.
8. SMS_SiteToSiteConnection_XXX: Configuration Manager to enable file-based replication between sites in a hierarchy. For each remote site directly transferring files to this site, this group contains the following accounts: Accounts configured as a Site Address Account from Configuration Manager sites with no service pack and Accounts configured as a File Replication Account from Configuration Manager SP1 sites.  In SP1, the File Replication Account replaces the Site Address Account.

Resources

Free SCCM Training Part 1 | 17 Hours Of Latest Technical Content | ConfigMgr Lab HTMD Blog (anoopcnair.com)

How To Disable SCCM Application Deployment | ConfigMgr | MEMCM – HTMD Blog #2 (howtomanagedevices.com)

We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here – HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His primary focus is Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.