System Center Operations Manager – Change the Agent Default Action to Local System via PowerShell

There are very few reasons when you’ll need to set up the agent default action account to use a domain account, instead of local system.  I only had to do it once for to monitor Exchange in foreign forest. If a workflow requires elevated administrative rights to run, it should be configured with a “Run As Profile”, which then spins off a “monitoringhost.exe” process with the configured “Run As Account”. Keeping your agent using the Local System account it will ensure that any questionable management pack keep damages to a minimum. :-)

If you’re interested in changing your default action account to Local System, but not keen to do one by one, here’s a powershell script for you.

Just make sure you exclude your management servers from the script. In my script below my Management Servers have a “OM0” in their name, so I’m using that as a wildcard to excluded them.

$newAccount = Get-SCOMRunAsAccount -Name "Local System Action Account"

$mg = Get-SCOMManagementGroup

$Instances = Get-SCOMClass -DisplayName "health service" | Get-SCOMClassInstance | where displayname -notlike "*OM0*"

If ($Instances -ne $null)

{

$newAccount = Get-SCOMRunAsAccount -Name "Local System Action Account"

  Foreach ($Instance in $Instances)

  {

    $secureRef = $mg.GetMonitoringSecureDataHealthServiceReferenceByHealthServiceId($instance.Id)

    $currentAccount = $mg.GetMonitoringSecureData($secureRef[0].MonitoringSecureDataId)

    $secureRef[0].MonitoringSecureDataId = $Newaccount.id

    $secureRef[0].Update()

  }

}