Re: Help with Software/Hardware decision....

From: Jetro (somewhere_at_internet.space)
Date: 12/18/04 

Date: Sat, 18 Dec 2004 10:10:59 -0500

It doesn't matter how you'd distribute the software over this powerfull
hardware having 30 users. You can put everything on PE 2600 if 72GB is
enough and imagine it's a Small Business Server.

SQL server on DC question has two aspects such as performance and security.
If you have enough network bandwidth, memory, and spare processors, using
the computer running SQL Server as a domain controller will work (and it
does work). But the processing could be a lot of work, depending on the size
of your domain. If you expect SQL Server to be busy, do not run any other
service with it. This recommendation originates from NT4 and 386 computers.
MSSQLServer service must run within the security context of an NT account.
This configuration lets users assign permissions and rights to a service by
assigning those permissions and rights to the underlying NT account. You
have two account choices: You can run a service as LocalSystem, which is an
administrator account with powerful rights and privileges, or you can run a
service as normal, which is an account with the rights of an ordinary system
user. By default, the setup program installs MSSQLServer to run as a
LocalSystem account, giving users powerful rights and privileges.
You can avoid these security holes (even if you install SQL Server on a
domain controller) by running MSSQLServer under an account other than
LocalSystem and without domain administrator privileges. However, to contain
potential security problems and not degrade performance, your best option is
to put SQL Server on a member server rather than a domain controller.

You should have minimum 2 DC. Think about USB drives as the backup devices
instead of tape for full backups at least.

P.S. Terminal Services clients, branch servers, and unwillingness to travel
aren't relevant :)

Relevant Pages

  • Re: WAN Link Connectivity
    ... the GPO for the domain controller. ... which creates user accounts and assigns rights ... You add a user account and assign rights to the account. ... > Please also check if the Power Users group is used in the User Rights ...
    (microsoft.public.windows.server.sbs)
  • Re: Error 0x80070534 when changing service account
    ... Managing this on a domain controller can be a pain. ... issues - it's a different risk when you install SQL Server ... If I use the prefix, I got error 0x80070534, if I don't use the prefix I got ... Which means the password you used for the account was ...
    (microsoft.public.sqlserver.security)
  • Re: Scheduling a simple local package wont stick
    ... the FTP is just the first part of this package I wish to accomplish. ... group does not need to be, and on my servers is not, a SQL Server sysadmin. ... it is not obvious to me which account you are running under ... The rights you need to check are not SQL Server rights, ...
    (microsoft.public.sqlserver.dts)
  • Re: ASP.NET - SQL Server does not exist or access denied
    ... Make sure that the account is set up with "Log on as a Service" and "Log on as ... Make sure you've looked at your machine.config file as well (Windows ... ensure it would have no rights as a user), then set it up with the "log on" ... > a "SQL Server does not exist or access denied" error. ...
    (microsoft.public.sqlserver.security)
  • Re: Placement of database (newbie question)
    ... What account rights is the SQL Server service running with? ...
    (microsoft.public.sqlserver.server)