SMS Security Account Principles

The following principles are general guidelines about how SMS implements security. Each principle includes information that the SMS administrator should consider and a recommended best practice.

Principle 1: All required SMS accounts can be automatically created. Automatically created accounts have automatically generated passwords that are encrypted, either by the operating system or by SMS.

Implications for the administrator: The encryption of all automatically set SMS passwords and the random generation of SMS-created passwords maximize security because they result in very strong passwords that are not exposed. If you modify the account password, you compromise SMS security and can cause the account to become locked out.

Best Practice: For this reason, and to minimize the potential for account lockouts, leave the "Password never expires" account option enabled for SMS accounts, and do not change the passwords on automatically created SMS-managed accounts.

Principle 2: You can manually create SMS accounts for most SMS account roles.

Implications for the administrator: You can set the passwords or account names for manually created accounts.

Best Practice: If you need control over the accounts or their passwords, manually create the SMS accounts.

Principle 3: SMS can use many accounts. For some site and client functions, you can use optional accounts.

Implications for the administrator: You can use these optional accounts to increase security by granting privileges on a more granular basis, which minimizes the risk to all SMS processes if the security of a single account is breached. However, these additional accounts also increase the administrative workload required to plan for and manage security-related tasks.

Best Practice: Create and specify accounts in addition to those created by SMS Setup to minimize the use of the SMS Service Account.

Principle 4: The higher the privileges of an SMS account and the greater the number of processes accessed by the account, the more important it is to limit physical access to the computer that the account runs on or is used from.

Implications for the administrator: When you plan the physical location of SMS component servers, consider the accounts running on each computer and the privileges granted to those accounts. For example, if you have site servers located in smaller branch offices with minimal security, take additional steps to restrict physical access to those computers.

Best Practice: Restrict physical access to SMS servers. Also, limit access to privileged accounts to as few administrators as possible. It is important to follow these precautions because the SMS Service Account and the SQL Server account have site-wide access. By restricting access to these accounts, you minimize the number of times you must change SMS passwords to provide the appropriate level of security.

Principle 5: Manual changes made to accounts through the SMS Administrator console are not automatically made in the security systems for the operating system or SQL Server. The same principle applies to accounts that are manually specified in SQL Server.

Implications for the administrator: If you manage an account manually in the SMS Administrator console, you must also manage it in Windows NT® User Manager for Domains or Active Directory Users and Computers, or in SQL Server Enterprise Manager.

Best Practice: Document a procedure for managing SMS accounts in your SMS site that includes all the steps and tools that are required.

Principle 6: SMS account management involves trade-offs. Standard security uses many accounts to manage SMS tasks and requires careful management of those accounts. Advanced security minimizes account management. However, several prerequisites must be met before you can implement advanced security.

Implications for the administrator: To effectively balance security with administration and deployment issues, it is important to understand key security decision points and how to implement those decisions in SMS. For example, which accounts are required and which can you specify on an optional basis for greater security? Which directory permissions can you change without disrupting SMS functionality?

Best Practice: Use optional accounts as appropriate and migrate to advanced security when it is practical.
