Professional MOM 2005, SMS 2003, and WSUS

SMS Server 2003 uses security modes to specify how accounts are used by the different SMS Services. During installation, you are required to select a security mode. Once the SMS site server is installed, the security mode can be changed from standard to advanced, but not from advanced to standard. Therefore, if you have any doubts on what security mode to use, use the standard security mode because it can be changed later.

Standard Security

In standard security mode SMS 2003 will use regular user accounts for the SMS Service and any connections made to SMS site systems. Although a valid approach to service management, it requires managing user accounts that need password changes frequently. Some network administrators will oversee this and never change the password for those accounts since they are not used by network users. However, this is considered a security breach that can be exploited by crackers.

Advanced Security

In advanced security mode, SMS 2003 uses the Local System account to run SMS services and computer accounts to establish connections to site systems. This is more secure because computer accounts are automatically managed by Active Directory and their passwords are changed every time a computer logs off the domain. This is the recommended security mode to use with SMS 2003.
