Password to be changed frequently

Aswin Thomas(UST,IN) 426 Reputation points
2023-09-27T15:30:03.3666667+00:00

Hello All,

Hope you are doing good!!

As per our organization policy, it is now mandatory to change the passwords of all the service accounts related to SCOM, which were set to "password never expires" earlier. So could you please help me with the areas where we need to accommodate the new passwords? Below are the service accounts for which the password needs to be changed.

SCOM OM Config and DataAccess Account, SCOM OM Server action account, SCOM Reporting Read Account, SCOM Reporting Write Account, SCOM SQLSVC.

Thanking you in advance.

Aswin Thomas


Accepted answer
  1. SChalakov 10,371 Reputation points MVP
    2023-10-04T12:11:17.1833333+00:00

    Hi Aswin,

    I would not consider changing passwords at all. I have seen this in different organizations and it is very time-consuming and also unproductive. Of course you can do it, you just need to follow the same procedure every couple of months (depending on how frequent password changes have to be), and if you operate a big SCOM environment (multiple Management Servers, more complex topology) then this will be super impractical.

    What I always recommend and also implement instead is running SCOM with gMSA, which do not require password management at all, because this is done by the domain controllers in the domain.

    Here are a couple of important remarks on the topic. First let's start with what gMSA actually is (a bit of theory):

    Secure group managed service accounts

    and

    Group Managed Service Accounts Overview

    Afterwards let's note that SCOM supports gMSA for all versions after SCOM 2019 UR1.

    SCOM: Support for group managed service accounts

    The actual guide with details can be found at the end of this same MS Learn article:

    You can follow it and re-configure your management group.

    I have already done this and it cost me a day to complete this procedure for a larger MG. After doing this once I don't need to think of password management at all.

    On the Internet you can also find a couple of other nice blog posts with screenshots, which will help you migrate to gMSA. Example:

    Implementing gMSA in SCOM 2019 UR1 - The Monitoring Guys

    and

    SCOM 2022 Installation, gMSA, Standalone Web Console Server with Constrained Delegation - The Monitoring Guys

    I hope I could be of your assistance with this one.


    (If the reply was helpful please don't forget to upvote or accept as answer, thank you)
    Regards,
    Stoyan


1 additional answer

  1. XinGuo-MSFT 15,246 Reputation points
    2023-09-28T06:47:44.38+00:00

    Hello Aswin,

    To change the passwords for the mentioned SCOM service accounts, follow these steps:

    SCOM OM Config and DataAccess Account:

    • Update the password in SCOM Console under Administration > Run As Configuration.

    SCOM OM Server Action Account:

    • Change the password in the SCOM Console under Administration > Run As Configuration.

    SCOM Reporting Read Account:

    • Adjust the password in the SQL Server Reporting Services Configuration Manager.

    SCOM Reporting Write Account:

    • Change the password in the SQL Server Reporting Services Configuration Manager.

    SCOM SQLSVC:

    • Update the password for the SCOM SQL Server service in SQL Server Configuration Manager.

    Remember to update any scheduled tasks or scripts that use these credentials. Additionally, ensure that monitoring is not affected during the password change process.

    Let me know if you need further assistance!
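
The last step in the answer above (finding services, scheduled tasks and scripts that still use the old credentials) can be inventoried before a rotation. The following PowerShell is an added example, not part of either answer; the account names and server names are placeholders, and it assumes the RSAT ActiveDirectory module and PowerShell remoting to the listed servers.

```powershell
# Added example. Account and server names are placeholders (assumptions).
Import-Module ActiveDirectory

$Accounts = 'svc-om-das', 'svc-om-action', 'svc-om-read', 'svc-om-write', 'svc-om-sql'
$Servers  = 'SCOM-MS01', 'SCOM-SQL01'

# 1. Current password state of each account in Active Directory.
$Accounts |
    ForEach-Object { Get-ADUser -Identity $_ -Properties PasswordLastSet, PasswordNeverExpires } |
    Select-Object SamAccountName, PasswordLastSet, PasswordNeverExpires |
    Format-Table -AutoSize

# 2. Windows services and scheduled tasks on each server that run as one of the accounts.
$usage = Invoke-Command -ComputerName $Servers -ScriptBlock {
    $targets = $using:Accounts

    # Reduce 'DOMAIN\user' or 'user@domain' to 'user' so both forms match.
    function Get-LeafName([string]$Name) {
        if ($Name) { (($Name -split '\\')[-1] -split '@')[0] }
    }

    Get-CimInstance -ClassName Win32_Service |
        Where-Object { (Get-LeafName $_.StartName) -in $targets } |
        ForEach-Object {
            [pscustomobject]@{ Type = 'Service'; Name = $_.Name; RunAs = $_.StartName }
        }

    Get-ScheduledTask |
        Where-Object { (Get-LeafName $_.Principal.UserId) -in $targets } |
        ForEach-Object {
            [pscustomobject]@{
                Type  = 'ScheduledTask'
                Name  = $_.TaskPath + $_.TaskName
                RunAs = $_.Principal.UserId
            }
        }
}

# One row per service or task, grouped by server.
$usage | Sort-Object PSComputerName, Type, Name |
    Format-Table PSComputerName, Type, Name, RunAs -AutoSize
```

This covers only Windows services and scheduled tasks; the Run As accounts and Reporting Services credentials named in the answer are stored in SCOM and SSRS and have to be updated there.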