Disappearing Login Points

June 18, 2001

by Dana Daugherty

The systems managers at my company decided to hide from the Domain Browse List any NT servers that aren't used as file servers. This article describes the effect of that decision on my SMS infrastructure.

It has always been our policy to keep the browse list as clean as possible. We don't share 9x machines, and we've always hidden NT\W2K workstations using the net config server /hidden command. Even with our workstations removed, the browse list is still a bit too cluttered with servers that are of no use to most employees. Enter the idea to hide all machines except for the file servers.

After we started hiding servers I noticed something interesting in my Site Servers list. It was shrinking! About 90% of our servers are BDCs. It's a little easier for system admins to centrally manage the security aspects of BDCs rather than member servers. You probably know where I'm going with this <grin>. 

SMS uses the browse list to find Domain Controllers. It then assigns Domain Controllers as SMS Login Points and copies all the appropriate files to them. For SMS implementations that rely on SMS Logon Installation or SMS Logon Discovery, hiding BDCs could be a serious problem. Fortunately, mine doesn't fall into that category. I used SMS Logon Installation to initially deploy all the clients. After I was up and running, I removed login scripts from users' accounts and changed heartbeat discovery to every day. This was mainly due to the large number of traveling laptop users I have who visit different sites. I then have the PC setup group run SMS man.
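To see in advance which Domain Controllers a hiding policy removes from SMS's view, you can compare the browse list against your own list of DCs. The following is an added example, not part of the original article or of SMS: it parses captured output of net view /domain:NAME and reports the DCs missing from it, plus any visible machines that are not on the file server list. The server names, the two inventories and the sample output are constructed for illustration.

```python
import re

# Constructed sample of `net view /domain:CORP` output (the browse list).
NET_VIEW_OUTPUT = r"""Server Name            Remark

-------------------------------------------------------------------------------
\\FS01                 Departmental file server
\\FS02                 
\\BDC03                Backup domain controller
The command completed successfully.
"""

# Constructed inventories (assumption: the admins keep these lists themselves).
DOMAIN_CONTROLLERS = ["PDC01", "BDC02", "BDC03", "bdc04"]
FILE_SERVERS = ["FS01", "FS02"]


def parse_browse_list(net_view_text):
    """Return the upper-cased computer names listed in `net view` output."""
    names = set()
    for line in net_view_text.splitlines():
        # Entries start with \\NAME; header, rule and status lines do not.
        match = re.match(r"\\\\(\S+)", line.strip())
        if match:
            names.add(match.group(1).upper())
    return names


def audit_browse_list(net_view_text, domain_controllers, file_servers):
    """Compare the browse list with the DC and file server inventories."""
    visible = parse_browse_list(net_view_text)
    dcs = {name.upper() for name in domain_controllers}
    allowed = {name.upper() for name in file_servers}
    return {
        # DCs absent from the browse list: SMS will not find these
        # and so will not set them up as login points.
        "hidden_dcs": sorted(dcs - visible),
        # Machines still browsable that the hiding policy says should not be.
        "visible_non_file_servers": sorted(visible - allowed),
    }


if __name__ == "__main__":
    report = audit_browse_list(NET_VIEW_OUTPUT, DOMAIN_CONTROLLERS, FILE_SERVERS)
    for finding, hosts in report.items():
        print(f"{finding}: {', '.join(hosts) or 'none'}")
```
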

From all that I have experienced, read and heard, it appears that there is no workaround for this issue. So, the moral of the story: if you need to use SMS Login Scripts, don't hide your domain controllers.