Changing the RMS Service Account

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

During installation, RMS creates the RMS Service Group on the local computer and grants the appropriate permissions on all of the resources required for RMS to operate. When you provision RMS on a server, you define the RMS service account by using a domain account. The RMS service account cannot be the same domain account that you used to install RMS. That account is made a member of the RMS Service Group, and it is granted the permissions that are associated with this group. During routine operations, RMS runs under the RMS service account.

Important

For security reasons, it is highly recommended that you create a special user account to use as the RMS service account. This account should be used exclusively for RMS and should only be a member of the Domain Users Active Directory group.

You can change the RMS service account at any time. When you do so, the previously specified account is automatically removed from the RMS Service Group, and the new account is made a member of it.

Note

The RMS service account cannot be the same domain account that you used to install RMS with Service PackĀ 1 or later.

For more information on changing the RMS service account, see To Change the RMS Service Account.