About the Management Point Database Connection Account
By default, the Microsoft System Center Configuration Manager 2007 management point uses its computer$ account when reading information from the site database, but you can configure a user account instead. You need this account if the management point needs to access a site database in a domain different than the site server domain, whether or not the domain is in the same forest.
Required Rights and Permissions
If you configure this account, you must manually add it to the smsdbrole_MP role in the Configuration Manager site database so that the management point obtains the required rights and permissions. If you do not configure this account, the management point's computer$ account is assumed to be in a trusted forest and Configuration Manager 2007 attempts to add it automatically to the smsdbrole_MP.
Account and Password Creation
The account is not automatically created. The Configuration Manager 2007 Administrator creates one account per management point and manages the passwords.
Account Location
The account can be created anywhere it can be added to the smsdbrole_MP role in the Configuration Manager site database.
Account Maintenance
The administrator changes the account or password in the operating system, and then configures Configuration Manager 2007 to use the new account or password. The changes take effect immediately. If the existing account is replaced with another account, the administrator must manually add it to the smsdbrole_MP role in the Configuration Manager site database.
Security Best Practices
Do not configure this account unless the site database and the management point are in different domains.
If you use this account, create it as a low-rights, local account on the computer running SQL Server.
Do not grant this account interactive logon rights.
See Also
Tasks
How to Configure the Management Point Database Connection Account