Microsoft KB Archive/294786

= SMS: How to Use a Non-Domain Administrator Service Account =

Article ID: 294786

Article Last Modified on 5/21/2007

-

APPLIES TO


 * Microsoft Systems Management Server 2.0 Service Pack 2
 * Microsoft Systems Management Server 2.0 Service Pack 3

-



This article was previously published under Q294786



SUMMARY
In Systems Management Server (SMS) 2.0 Service Pack 2 (SP2) and later, administrators can set up the SMS Service account as a non-domain administrator in both Microsoft Windows NT 4.0-based and Microsoft Windows 2000-based domains. For details about using this configuration, including important warnings, read the &quot;SMS Security Essentials&quot; white paper that is located online at the following Microsoft Web site:

http://www.microsoft.com/technet/sms/20/secessentials.mspx



MORE INFORMATION
By default, SMS Setup requires the Service account to be a domain administrator and does not allow the installation to finish if you are using a non-domain administrator account. To install SMS by using a non-domain administrator Service account:  Create the SMS Service account. Ensure that the SMS Service account is a local administrator of all potential site systems (site servers, Client Access Points, Logon Points, or Distribution Points). Beginning in SMS 2.0 Service Pack 5 (SP5), it is possible to administer logon points under the context of a normal user account. For additional information about obtaining this functionality, click the following article number to view the article in the Microsoft Knowledge Base:

816292 Windows Logon Installation Requires Domain Administrator Permissions to Create Logon Points

 Run Setup.exe with the /nodomainadmin switch (for example, setup.exe /nodomainadmin).

Setup.exe is located in the Smssetup\Bin\I386 folder on the CD-ROM. If you attempt to change the SMS Service Account account or password through SMS Setup (a site reset), you may receive the following error message:

Setup has detected that the service account \  is not in the Domain Admins group in domain , do you want to add it to the Domain Admins group.

To work around this issue, change the SMS Service account user name and password in the SMS Administrator tool:
 * 1) Locate the site whose SMS Service account you want to change.
 * 2) Right-click the site, and then click Properties.
 * 3) In the Site Properties dialog box, click the Accounts tab, and then click Set.
 * 4) Type the SMS Service account information again.

Or, you can initiate a site reset by starting Setup.exe with the /nodomainadmin switch from a local drive or CD-ROM.

Additional query words: prodsms

Keywords: kbconfig kbhowto kbsecurity kbserver kbsetup kbsmsadmin KB294786

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.