In SMS 2003 there are actually three service accounts. They are required accounts, and the SMS installation process creates them automatically depending on the security mode that you have selected.
There is the SMS service account, the local system account and the remote service account. The accounts seem to be similar, but they are not. Some have more rights, privileges and responsibilities than the others, and as such they perform separate tasks. However, the service accounts do have something in common: they are all created by the SMS site server installation process.
The familiar SMS service account (SMSService) is a standard security account, as in SMS 2.0. It provides access to SQL Server if you are using Windows authentication, creates the SMS site server directories and copies files, and installs services and verifies that they are operating as expected. It also provides the security context that the SMS Executive service runs in. It can also access domain controllers (DCs) when it needs to get information about users, groups, computer accounts and Active Directory (AD) containers.
Notes: It is important to create additional optional accounts within SMS 2003, such as the site system connection account. If you do not create one, your SMS site server will use the SMS service account as the site's site system connection account. You can also specify or use the SMS service account as your site's site address account if need be. However, it is recommended that you create a site system connection account and a site address account, and let the SMS service account manage the site server services.
The local system account (Local), as well as the computer account on your site server, is created and used when you are running in advanced security mode. It serves as the SMS service account. It runs the SMS services, makes changes to the server, and makes use of computer accounts as opposed to user accounts to connect to clients and other servers running SMS components. The local system account is primarily intended to maintain communications and run services and their related tasks.
The remote service account (SMSSvc_xxx), where xxx is your three-letter site code, is created automatically when you assign the Client Access Point (CAP) role to a remote site system. It is primarily designed to run on remote SMS site systems, and it services the SMS Executive services on a CAP other than the site server, or on a remote server. Like the SMS service account, it handles SQL Server if the SQL Monitor is running on the remote site system, as well as the processes necessary for the operations on the CAP. Your local system account serves these functions when running in advanced security mode.