Contributed By: Cliff Hobbs [MVP SMS]
The following is based on the information published in the Security Essentials whitepaper available from:

http://www.microsoft.com/smsmgmt/techdetails/secessentials.asp

You should use a Site Reset in the following situations:

• You suspect a damaged site server.
   
• You want to change accounts/ passwords used by SMS (you can't just change them in User Manager) - a site reset ensures the SMS components are aware of any changes and updates components to use the new details.
   
• You want your site to change SQL settings such as which SQL server to use, the name of the SQL server to use, or you want to change the security mode SQL uses.

You can run a Site Reset in one of three ways, and depending which option you use determines what steps the Site Rest actually performs:

• Site Reset triggered from the Admin Console

• Site Reset triggered from Setup

• Site Reset triggered from Preinst.exe

Site Reset triggered from the Admin Console
Whenever you update the site accounts in the "Accounts" tab in the "Site Properties" dialog box, a Site Reset is triggered.  Only the SMS Service and SQL Server accounts are affected by this Site Reset provided any of their details are changed. As part of the Site Reset, all of the local SMS services are de-installed and re-installed:

• SMS_Site_Component_Manager
• SMS_Executive (only on the site server itself)
• SMS_Site_Backup
• SMS_SQL_Monitor (only on the site server itself)

Site Reset triggered from Setup
This type of Site Reset is triggered when you run "Setup.exe" and select the "Modify or reset the current installation" option. Again this type of Site Reset de-installs and re-installs all of the local SMS services, but this time the "SMS_Executive" and "SMS_SQL_Monitor" services are de-installed/re-installed on Component servers:

• SMS_Site_Component_Manager
• SMS_Executive (on the site server or component servers)
• SMS_Site_Backup
• SMS_SQL_Monitor (on the site server or component server)

Whilst running the "Modify or reset the current installation" wizard, any changes specified will affect the SMS Service, SQL Server, or Software Metering SQL Server account information stored in SMS. This type of Site Reset also allows you to change the SQL server information such as the name of the SQL server SMS should use and the SQL security mode.

If whilst running the wizard you don't make any changes, Site Component Manager will change the passwords for the service accounts used by Inbox Manager Assistant and SMS SQL Monitor on component servers during the initial site shutdown (in other words whilst Setup is still running). The sequence of events for each component on a component server is as follows:

• SMS component shutdown is completed
• SMS components are flagged for reinstallation
• SMS Remote Service account is recreated

Once these steps have completed, Setup will then shutdown the services, change the SMS Server Connection account password, install Site Component Manager, and then pass it an updated Site Control file.

At this point in SMS SP2 onwards, a dialog box is displayed that allows you to skip changing the password for SMS Server Connection account (which you'd do if you wanted to avoid locking out this account if you have a lockout policy enabled in your domain). This feature allows you to choose when and how you reset the SMS Server Connection account (more on this in a minute).

If necessary, the Site Reset process can re-create the SMS Server connection account.  But bear in mind that although this new account has the same name, it will have a different SID to the old account and will therefore not have the same level of access to resources as the old account. The way around this so that SMS servers can connect to the Site server properly is to grant this account full permissions on the SMS directory tree.

Back to SMS and the message dialog box that allows you to skip changing the SMS Server Connection account password.  You can use the "SMSAccountSetup.ini" to specify the passwords for the SMS connection accounts (don't leave this file lying around as it's a normal ASCII readable file). If the Site Reset process doesn't find a copy of this file is generates a random strong password for the SMS Connection account ("SMSServer_<site_code>" by default).  Again, if you have an account lockout policy enabled for your domain, you may lock this account out by changing it if an SMS Server attempts connect to the SMS Site Server before the new password is propagated to all of the SMS servers. Use User Manager to check this account doesn't get locked out.

Site Reset triggered from Preinst.exe
This type of Site Reset is triggered when using the "/STOPSITE" switch with the "Preinst" command. This type of Site Reset is the same as that initiated by running Setup, but the SMS Server Connection account isn't modified in anyway as this isn't part of the functionality of SMS Component Manager. The passwords for the Inbox Manager Assistant and SMS_SQL_Monitor accounts are changed.

Important: You need to remember that the Site Reset process does NOT change the password on the SMS Client Connection account.  SMS Setup initially creates this account, but from this point forward you need to manage this account through User Manager/ the MMC.

A Site Reset will also not change, manage or update any of the other site or client accounts.

The SMS 2.0 flow charts included in the "Systems Management Server 2.0 Resource Guide" include some of the details for these processes. Details and procedures for using site reset are included in Part 4 "Planning, Implementing, and Using SMS Security" of the Security Essentials whitepaper.