Re: AUDITORS !!!! AAAAAARRRRGHH

From: JPD <jpd@xxxxxxxxxxxxxxxx>
Date: Thu, 03 May 2007 13:53:01 +0100

Hi,

Generally speaking you use a domain account when you need the SQL Server service to be able to interact with other services on the network. See the following links for more info:

SQL Server - http://msdn2.microsoft.com/en-us/library/ms143691.aspx
SQL Server Agent - http://support.microsoft.com/kb/907557

Jonathan

Jim Trowbridge wrote:

Now I have to justify why we run SQL under a Local Admin account, instead of a domain user account (which is the microsoft recommendation).

Or, we will have to go through the change process to make this happen.

has anyone got arguments or opinions either way ?

Prev by Date: Re: Sql 2005 database default location during setup
Next by Date: Re: In-Place Upgrade error (2000->2005) "Unable to update password pol
Previous by thread: Re: SQL Express 2005 Installation Problems
Next by thread: Re: In-Place Upgrade error (2000->2005) "Unable to update password pol
Index(es):
- Date
- Thread

Relevant Pages

Re: SQL Services account question...
... The best thing is to do is to run your SQL Server under a domain account, ... Or, to quote Ekrem, "using a domain account as a SQL Server service account is a recommended way." ...
(microsoft.public.sqlserver.security)
Re: Running SQL Server Service as Domain User? - Security Concerns?
... make your domain account a member of the local administrators group. ... instructions on what rights on the database server the SQL Server and SQL ... > domain user called "sqlserveruser": ... the user the SQL Server service runs as has to have ...
(microsoft.public.sqlserver.security)
Re: Linked Server Connection Problem
... Use SQL authentication to connect to the SQL server from the client, ... set the domain account used to start SQL Server to have permissions in the ... Establish a SPN for your domain account which will enable Kerberos ... Load the Active Directory Users and Computers MMC snap-in. ...
(microsoft.public.sqlserver.connect)
Re: SQL Services account question...
... I wish you'd say the reason of not using a domain account as a service account for the SQL Server. ... Backup operations are performed by SQL Server service, at this point I don't know what goes on under hood exactly but SQL Server service may be needed to communicate to the AD for validation of the database owner and as the SQL Server service is a local one, it can't achieve this task. ... > Source: Security Event ID: 537 ...
(microsoft.public.sqlserver.security)
Re: about MSSQLSERVER run as LocalSystem
... If you need a SQL Server to be able to access other network ... running under a domain account. ... access to network resources. ...
(microsoft.public.sqlserver.security)