A new security group named _SMP_USERS was added in ITMS 8.7.3 to simplify security management, regardless of whether token-based authentication or the ACC account is used. You would like to know what access rights this security group needs to have.

ITMS 8.7.3+

The group has to have access to files and folders on the Symantec Management Platform (SMP) server and the site servers running the package server plug-in containing packages used by the clients.  The _SMP_USERS group would only have access to items created by our product.

On the package server:  Root packages folder "C:\Program Files\Altiris\Altiris Agent\Package Delivery" - Read/Execute

Individual package sub-folders - Read/Execute

Locally managed package sub-folders (DS disk/PCT images) - Read/Write/Execute

This group is used instead of the ACC account in the folder security descriptor on all package folders. Depending on the expected functionality, it can have different rights.

Folders that are used for deployment imaging - Read/Write/Execute. DS uploads images to NS.

Folders for standard packages - Read/Execute. This is for package downloading.

These are default folders like C:\Program Files\Altiris\Notification Server\NSCap\bin\Deployment\Packages\PCT or C:\Program Files\Altiris\Altiris Agent\Package Delivery or custom folders created for software delivery.