Menu Close

SCOM 2019 Security Account Matrix

Below you will find a security account matrix for SCOM 2019, that includes all the common service and security accounts in SCOM, and their default or recommended permissions.  This includes the management servers, the database servers, SQL Role permissions, and database mappings.  You can use this to correct deployments where permissions got modified incorrectly, or to verify that a least privileged model is being used.





This matrix is for SCOM 2019.  For SCOM 2016, please see:








    • Kevin Holman

      No. SCOM 2016 link is provided above. 1807 should really not be in use anymore, as it was semi-annual channel and expired…. but I’d probably just use the 2016 permissions example for that.

  1. Brian Wright

    I don’t think this is entirely accurate, it appears that the MS action account’s permissions on the MS, also need to be applied to gateway servers from which you point the targets before discovery (as well as ‘verify computers can be contacted’ checked. At least that’s the only way I’ve been able to push to servers in different forests than where my SCOM infrastructure is.

Leave a Reply

Your email address will not be published. Required fields are marked *