DOCUMENT:Q152808 06-AUG-2002 [exchange] TITLE :XADM: How To Change the Service Account PRODUCT :Microsoft Exchange PROD/VER::4.0,5.0 OPER/SYS: KEYWORDS:kbusage ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Exchange Server, versions 4.0, 5.0 ------------------------------------------------------------------------------- IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base: Q256986 Description of the Microsoft Windows Registry SUMMARY ======= This article describes how to change the Microsoft Exchange Server service account after the initial Exchange Server installation. Microsoft does not recommend that you change the Exchange Server service account. However, you can use the following procedure in a situation where there is a single Exchange Server site and a single Exchange Server computer. In situations where there is more than one Exchange Server computer or site, the only workaround is a complete reinstallation of Exchange Server. MORE INFORMATION ================ WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk. WARNING: If you use the raw mode of the Exchange Server Administrator program (admin /r) incorrectly, serious problems may occur that may require you to reinstall Microsoft Windows NT Server, Microsoft Exchange Server, or both. Microsoft cannot guarantee that problems that result from using raw mode incorrectly can be solved. Use raw mode at your own risk. You may find that your Microsoft Windows NT administrator account is the Exchange Server service account some time after installation. To change the Exchange Server service account without reinstalling Exchange Server: 1. Create a new Windows NT account that will be the new Exchange Server service account. Give this account Act as Part of the Operating System, Logon as a Service, and Restore Files and Directories rights. The password must be the same as the current Exchange Server service account password. 2. Start the Microsoft Exchange Server Administrator program in raw mode by typing the following at a command prompt: c:\exchsrvr\bin\admin /r 3. Assign the new account Service Account administrator permissions on the Organization container, Site container, and Configuration container property pages. 4. Add the new account to the Schema object: a. View the raw directory. To do so, on the View menu, click Raw Directory. After you click Raw Directory, a check mark is displayed on the View menu in front of Raw Directory. b. A new object called the Schema object is displayed in the directory tree at the site level. Click the Schema object, and then click Raw Properties on the File menu. c. Under "List attributes of type", click to select All. d. Click to select "Object Attribute", scroll down to "NT-Security-Descriptor", and then click Editor. e. Under "Attribute Editor Selection", click to select "NT Security Descriptor", and then click OK. f. Add the new account. g. Click OK. h. Click OK, click Apply, and then click OK. i. Click Set, click Apply, click OK, click Yes, and then click OK. j. Close the Microsoft Exchange Administrator Console. 5. If the new account is not a member of the Local Administrators group, give the new account Full Control on the following registry keys and subkeys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services HKEY_USERS To do this, you need to edit the registry. Start Registry Editor (Regedt32.exe), click to select each key, and then perform the following steps: a. Click Security, and then click Permissions. b. Click "Replace Permission on Existing Subkeys". c. Click Add. d. Click the new account in the "Add Users and Groups" list. 6. Stop the Exchange Server services. 7. In Control Panel, double-click Services and change the Log On account for each Exchange Server service. To do this, click each Exchange Server service, click Startup, and change the Log On As account. Enter the password for each service. 8. Restart all of the Exchange Server services. All of the services should start with the new Exchange Server service account. If you want to change the password, you can change it by using the Exchange Server Administrator program, in the Configuration property page. You must also change the password in Windows NT by using the User Manager for Domains utility. Under the C:\Exchsrvr folder, there are five shared folders (the Add- ins, Address, Connect, Res, and Tracking.log folders). For proper operation, the default permissions on these folders are the following: - Administrator: Full Control - Everyone: Read - : Full Control You need to change the permissions on these folders to reflect the new service account that is in use. NOTE: This procedure also works on a Windows 2000, Exchange 5.5 cluster server implementation. For additional information about changing the Service Account in Microsoft Exchange 5.5, click the article number below to view the article in the Microsoft Knowledge Base: Q266041 XADM: The 'How to Change the Exchange Server 5.5 Service Account' White Paper Is Available Additional query words: ====================================================================== Keywords : kbusage Technology : kbExchangeSearch kbExchange500 kbExchange400 kbZNotKeyword2 Version : :4.0,5.0 Issue type : kbhowto ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.