Wrox Programmer Forums

  #1 (permalink)  
May 31st, 2006, 06:26 PM
SQL Server services Log On

When I came in to work today, none of the applications that used SQL Server could access their databases. I eventually noticed all the SQL Server services were running under my domain account, not the local system account (MSSQLSERVER, AD Helper, Browser, FullText Search, etc). My domain account password was changed yesterday due to the group policy requirements. I changed all the services to run under Local System, then restarted them and all the apps worked fine.

I installed SQL Server 2005 on a brand new server while logged in as my domain account, and it apparently used my logon by default. Is there a particular reason for this? Are there any pros/cons of running SQL Server services under the Local System account versus a domain account? Thanks!

  #2 (permalink)  
July 7th, 2006, 08:56 AM
Send a message via MSN to DerekComingore

When you install SQL Server 2005 one of the steps is choosing the Service Account. The account you use for SQL Server's service account is a very important decision. Here is an excerpt from April/BOL2005 on the matter...

You can assign the same login account to all SQL Server services, or you can configure each service account individually. You can also specify whether services start automatically.

Security Note:
Setting strong passwords is essential to the security of your system. Always use strong passwords.

Customize the logon for each service account
Select the Customize for each service account check box to customize settings for individual services.

This option assigns specific logon accounts to individual services. Click this check box to implement the principle of least privileges, where SQL Server services are granted the minimum permissions they need to complete their tasks. For more information, see Setting Up Windows Service Accounts.

If this check box is not selected, the same account and settings are used for all SQL Server services.

Select any of the following services to customize its settings.

Select this service: To configure authentication settings for

SQL Server: The SQL Server Database Engine

SQL Server Agent: The service that executes jobs, monitors SQL Server, and allows automation of administrative tasks.

Analysis Services: Analysis Services

Report Server: Reporting Services. Service accounts are used to configure a report server database connection. Choose a domain user account if you want to connect to a report server database on a remote SQL Server instance. If you are using a local report server database, you can use a domain user account or Local System to run the service.

SQL Server Browser: SQL Server Browser is the name resolution service that provides SQL Server connection information to client computers. This service is shared across multiple SQL Server and Integration Services instances.

Use the built-in System account
You can assign Local System, Network Service, or Local Service to the logon for the configurable SQL Server services.

The Local System option specifies a local system account that does not require a password to connect to SQL Server on the same computer. However, the local system account may restrict the SQL Server installation from interacting with other servers, depending on the privileges granted to the account.

Local System is a powerful account; it may not be appropriate for all Service settings. For more information, see Security Considerations for a SQL Server Installation.

The Network Service account is a special, built-in account that is similar to an authenticated user account. The Network Service account has the same level of access to resources and objects as members of the Users group. Services that run as the Network Service account access network resources using the credentials of the computer account.

We recommend that you do not use the Network Service account for the SQL Server or the SQL Server Agent services. Local User or Domain User accounts are more appropriate for these SQL Server services.

The Local Service account is a special, built-in account that is similar to an authenticated user account. The Local Service account has the same level of access to resources and objects as members of the Users group. This limited access helps safeguard your system if individual services or processes are compromised. Services that run as the Local Service account access network resources as a null session with no credentials.

For more information on service accounts, see Setting Up Windows Service Accounts.

Use a domain user account
Specifies a domain user account that uses Windows Authentication to set up and connect to SQL Server. Microsoft recommends using a domain user account with minimal rights for the SQL Server service, as the SQL Server service does not require administrator account privileges.

The SQL Server Agent account must have administrator privileges if you create CmdExec and ActiveScript jobs that belong to someone other than a SQL Server administrator, or if you use the AutoRestart feature. If the above features are requirements in your environment, consider using separate service accounts for the SQL Server and SQL Server Agent services.

For strong password guidelines, see Authentication Mode.

The domain name cannot be a full DNS name. For example, if your DNS name is my-domain-name.com, use my-domain-name in the domain field. SQL Server Setup will not accept my-domain-name.com in the domain field.

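An added example (not part of the thread or of Books Online): a PowerShell check that reports which account each SQL Server service logs on as and flags the cases discussed above. The function name, the approved-account list and the CONTOSO sample data are assumptions made for illustration.

```powershell
# Added example: classify the logon account of each SQL Server service.
function Get-SqlServiceAccountFinding {
    param(
        [Parameter(Mandatory)] [object[]] $Service,  # objects exposing Name and StartName
        [string[]] $ApprovedAccount = @()            # hypothetical list of dedicated service accounts
    )
    foreach ($svc in $Service) {
        $account = $svc.StartName
        # Database Engine and Agent, default or named instance
        $isEngineOrAgent = $svc.Name -match '^(MSSQLSERVER|MSSQL\$|SQLSERVERAGENT|SQLAgent\$)'
        $finding = switch -Regex ($account) {
            '^(LocalSystem|NT AUTHORITY\\SYSTEM)$' {
                'Local System: powerful account, review whether this service needs it'
            }
            '^NT AUTHORITY\\Network ?Service$' {
                if ($isEngineOrAgent) { 'Network Service: not recommended for SQL Server or SQL Server Agent' }
                else { 'OK (built-in limited account)' }
            }
            '^NT AUTHORITY\\Local ?Service$' {
                'OK (built-in limited account)'
            }
            default {
                if ($ApprovedAccount -contains $account) { 'OK (dedicated service account)' }
                else { 'User account not on the approved list: a password change on it will break this service' }
            }
        }
        [pscustomobject]@{ Service = $svc.Name; Account = $account; Finding = $finding }
    }
}

# Constructed sample shaped like Win32_Service objects (CONTOSO names are placeholders).
$sample = @(
    [pscustomobject]@{ Name = 'MSSQLSERVER';    StartName = 'CONTOSO\jsmith' }
    [pscustomobject]@{ Name = 'SQLSERVERAGENT'; StartName = 'NT AUTHORITY\NetworkService' }
    [pscustomobject]@{ Name = 'SQLBrowser';     StartName = 'LocalSystem' }
    [pscustomobject]@{ Name = 'ReportServer';   StartName = 'CONTOSO\svc-sqlrs' }
)
Get-SqlServiceAccountFinding -Service $sample -ApprovedAccount 'CONTOSO\svc-sqlrs' |
    Format-Table -AutoSize

# On a live host, pass the real services instead of the sample:
# $live = Get-CimInstance Win32_Service |
#     Where-Object Name -match '^(MSSQL|SQL|ReportServer|msftesql)'
# Get-SqlServiceAccountFinding -Service $live -ApprovedAccount 'DOMAIN\svc-sql'
```

The first sample row reproduces the situation in post #1: the Database Engine running under a personal domain logon that is subject to the password-change policy.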

All times are GMT -4.
