Advanced Security SMS 2003 SCCM migration
We are planning an in-place upgrade from SMS 2003 SP3 to SCCM for our two separate SMS environments. Both environments are running in Standard Security, and share the same SMS Service Account, which is not a Domain Admin. The Schema has been extended. All site systems, clients, and accounts exist in a single domain.

Environment #1 = 1 Central Site, 12 Secondary Sites (3,500 clients)
Environment #2 = 1 Central Site, 5 Primary sites, 900 Secondary (yeah!) sites distributed evenly below the Primaries. 20,000 clients.

Upgrades have been tested several times in an isolated lab, but it is now necessary to test an In-Place upgrade for Environment #1 simulation in our production Active Directory domain. I've borrowed 2 subnet boundaries from the production site and installed a development SMS 2003 SP3 Central Site on one and a Secondary site below it on the other.

My basic question is, in preparation for upgrading this dev environment to SCCM, when I change its site mode to Advanced Security and also set Require Secure Key Exchange, is there any chance whatsoever that this could affect any of the production sites? Everything I've read tells me no, but I thought I'd post my question to see if anyone has anything they feel I should be concerned about.

For example: Since the SMS Service Account is not in the Domain Admins group, I believe I'll have to run the SetSPN utility for that account and dev systems. Is there any chance this could affect the service account's operation elsewhere on the domain and/or other SMS site systems?

Thanks in advance for reading through my long post. Looking forward to getting to SCCM!

Thanks,
Chris
November 5th, 2009 10:41pm

What's the "SMS Service Account"? Where is it used? ConfigMgr uses 'local system' for running its services and that cannot be changed. Require secure key exchange should not cause any problems.
November 6th, 2009 11:49am

The SMS Service Account runs an SMS Site server in Standard Mode. I know that ConfigMgr uses the 'local system' account. My question/concern is regarding running production SMS 2003 sites in Standard mode while at the same time running other sites in Advanced Mode, all in the same domain/forest. Both sites run SQL in user authentication mode, the account being the SMS service account. That is why I gave the example of SetSPN.
November 6th, 2009 6:46pm

A standard security mode site can report to an advanced security mode site in SMS 2003.

Kent Agerlund | http://scug.dk/members/Agerlund/default.aspx | The Danish community for System Center products
November 6th, 2009 6:51pm

This topic is archived. No further replies will be accepted.
