SCCM Local Groups Created by ConfigMgr Endpoint Manager. ConfigMgr 2012 SP1 creates Windows Accounts and these groups are used for various functions.
CM 2012 SP1 creates 8 windows, local groups. I’ve created a PDF file with the following details of each windows group. Group Name, Where the Group should be Located, Group Membership Details, Use of this group, and Permission Details of Group.
SCCM Local Groups Created by ConfigMgr
Obviously, these details are there in TechNet. Sometimes it’s very difficult to find these details from TechNet. I’ve posted Windows Local Groups comparison between 2007 vs 2012 here.
List of SCCM Local Groups Created by ConfigMgr
SCCM Local Groups Created by ConfigMgr…
1.ConfigMgr_CollectedFilesAccess: This group is used by Configuration Manager to grant access to view files collected by software inventory.
2.ConfigMgr_DViewAccess: This group is a local security group created on the site database server or database replica server by CM12.
3.ConfigMgr Remote Control Users: This group is used by Configuration Manager remote tools to store the accounts and groups that you configure in the permitted viewer’s list that are assigned to each client.
4. SMS Admin: This group is used by Configuration Manager to grant access to the SMS Provider, through WMI. Access to the SMS Provider is required to view and modify objects in the Configuration Manager console.
5.SMS_SiteSystemToSiteServerConnection_MP_XXX: This group is used by Configuration Manager management points that are remote from the site server to connect to the site database. This group provides management point access to the inbox folders on the site server and the site database.
6.SMS_SiteSystemToSiteServerConnection_SMSProv_XXX: This group is used by Configuration Manager SMS Provider computers that are remote from the site server to connect to the site server.
7.SMS_SiteSystemToSiteServerConnection_Stat_XXX: This group is used by the File Dispatch Manager on Configuration Manager remote site system computers to connect to the site server.
8.SMS_SiteToSiteConnection_XXX:Configuration Manager to enable file-based replication between sites in a hierarchy. For each remote site that directly transfers files to this site, this group contains the following accounts: Accounts configured as a Site Address Account, from Configuration Manager sites with no service pack and Accounts configured as a File Replication Account, from Configuration Manager SP1 sites. In SP1, the File Replication Account replaces the Site Address Account.
Resources
Author
Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…
