Hello @Thomas LOUNIS
Accounts for services and computers should not be members of the Protected Users group. This group provides no local protection to these types of accounts because the password or certificate is always available on the host.
The protection triggered by membership of the Protected Users group is non-configurable. You have two options to authenticate with your SCCM server: using server credentials or your Windows credentials. Kerberos authentication is currently the default authorization technology used by Microsoft Windows.
For a viable solution, refer to this article: Security and privacy for site administration in Configuration Manager
https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/security-and-privacy-for-site-administration
Hope this resolves your query!
--If the reply is helpful, please Upvote and Accept it as an answer--
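
An added example, not part of the original answer: one way to audit the Protected Users group for the computer and service accounts the answer says should not be members. It assumes the ActiveDirectory PowerShell module (RSAT) and read access to the domain; the function name `Get-ProtectedUsersMisfit` is hypothetical, and treating a user account with a `servicePrincipalName` as a service account is a heuristic assumption.

```powershell
# Added example: list Protected Users members that are computer or service accounts.
# Requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function Get-ProtectedUsersMisfit {
    [CmdletBinding()]
    param(
        [string]$GroupName = 'Protected Users'
    )

    # Object classes that are never interactive user accounts.
    $machineClasses = 'computer',
                      'msDS-ManagedServiceAccount',
                      'msDS-GroupManagedServiceAccount'

    # -Recursive also catches accounts that are members through nested groups.
    Get-ADGroupMember -Identity $GroupName -Recursive | ForEach-Object {
        $obj = Get-ADObject -Identity $_.DistinguishedName `
                            -Properties servicePrincipalName, sAMAccountName

        $reason = if ($obj.ObjectClass -in $machineClasses) {
            "object class $($obj.ObjectClass)"
        } elseif ($obj.servicePrincipalName.Count -gt 0) {
            # Heuristic (assumption): a user object with an SPN is running a service.
            'user account with servicePrincipalName set'
        }

        if ($reason) {
            [pscustomobject]@{
                SamAccountName    = $obj.sAMAccountName
                DistinguishedName = $obj.DistinguishedName
                Reason            = $reason
            }
        }
    }
}

# Read-only report; review each result before changing group membership.
Get-ProtectedUsersMisfit | Format-Table -AutoSize
```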