Security Mode
SMS Server 2003 uses security modes to
specify how accounts are used by the different SMS Services. During
installation, you are required to select a security mode. Once the
SMS site server is installed, the security mode can be changed from
standard to advanced, but not from advanced to standard. Therefore,
if you have any doubts on what security mode to use, use the
standard security mode because it can be changed later.
Standard Security
In standard security mode SMS 2003 will use
regular user accounts for the SMS Service and any connections made
to SMS site systems. Although a valid approach to service
management, it requires managing user accounts that need password
changes frequently. Some network administrators will oversee this
and never change the password for those accounts since they are not
used by network users. However, this is considered a security
breach that can be exploited by crackers.
Advanced Security
In
advanced security mode, SMS 2003 uses the Local System account to
run SMS services and computer accounts to establish connections to
site systems. This is more secure because computer accounts are
automatically managed by Active Directory and their passwords are
changed every time a computer logs off the domain. This is the
recommended security mode to use with SMS 2003.