DOCUMENT:Q294786 06-AUG-2002 [sms] TITLE :SMS: How to Use a Non-Domain Administrator Service Account PRODUCT :Microsoft Systems Management Server PROD/VER::2.0 SP2,2.0 SP3 OPER/SYS: KEYWORDS:kbsetup kbConfig kbSecurity kbServer kbsms200 kbsmsAdmin ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Systems Management Server versions 2.0 SP2, 2.0 SP3 ------------------------------------------------------------------------------- SUMMARY ======= In Systems Management Server (SMS) 2.0 Service Pack 2 (SP2) and later, administrators can set up the SMS Service account as a non-domain administrator in both Microsoft Windows NT 4.0-based and Microsoft Windows 2000-based domains. For details about using this configuration, including important warnings, read the "SMS Security Essentials" white paper that is located online at the following Microsoft Web site: http://www.microsoft.com/smsmgmt/techdetails/secessentials.asp (http://www.microsoft.com/smsmgmt/techdetails/secessentials.asp) MORE INFORMATION ================ By default, SMS Setup requires the Service account to be a domain administrator and does not allow the installation to finish if you are using a non-domain administrator account. To install SMS by using a non-domain administrator Service account: 1. Create the SMS Service account. 2. Ensure that the SMS Service account is a local administrator of all potential site systems (site servers, Client Access Points, Logon Points, or Distribution Points). 3. Run Setup.exe with the /nodomainadmin switch (for example, "setup.exe /nodomainadmin"). Setup.exe is located in the Smssetup\Bin\I386 folder on the CD-ROM. If you attempt to change the SMS Service Account account or password through SMS Setup (a site reset), you may receive the following error message: Setup has detected that the service account \ is not in the Domain Admins group in domain , do you want to add it to the Domain Admins group. To work around this issue, change the SMS Service account user name and password in the SMS Administrator tool: 1. Locate the site whose SMS Service account you want to change. 2. Right-click the site, and then click Properties. 3. In the Site Properties dialog box, click the Accounts tab, and then click Set. 4. Type the SMS Service account information again. Or, you can initiate a site reset by starting Setup.exe with the /nodomainadmin switch from a local drive or CD-ROM. Additional query words: prodsms ====================================================================== Keywords : kbsetup kbConfig kbSecurity kbServer kbsms200 kbsmsAdmin Technology : kbSMSSearch kbSMS200SP2 kbSMS200SP3 Version : :2.0 SP2,2.0 SP3 Issue type : kbhowto ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2002.