A good friend of mine, Ralph Kyttle, who works at Microsoft as an MCS Consultant in the DC area, recently pinged me about a new configuration he was testing which circumvented the use of a traditional SQL Run As Account. Rather than configuring the traditional SQL Run As Account (we all know how much fun that is), the Health Service was configured to use a Service Security Identifier (SID) which allows the SCOM agent to monitor SQL server without all of the tedious permission configuration. To add even more value, Kevin Holman published a great blog post yesterday highlighting the details of this configuration and added a really cool monitor and tasks to help ensure that this configuration is functioning properly. Very cool stuff!
Have a look at Kevin’s blog post here for more details.