September 25, 2008 at 1:07 am
why should we go for domain accounts?
what is the necessity to go into this ?
September 25, 2008 at 3:31 am
1. in ancient times [~Sybase] there were only SQL-logins that requires password, but SQLServer has had Windows integrated (domain logins whether NT4 or Win200x AD with Kerberos) where the O/S does the security work (so SQL by itself doesn't have to).
2. the SQL-logins requiring passwords means passwords [unencrypted unless using SSL] has to travel over network so represents security risk (windows integrated is single-signon and has CHAP/etc binary challenges).
3. group accounts (MyDomain\Finance) is preferable to individuals (MyDomain\jsmith) for db logins. Typically IT dept handle accounts so as people join/move/leave it is their problem to manage not the DBAs !
HTH
Dick
September 25, 2008 at 4:15 am
Do you mean why use domain accounts for the SQL Server services rather than the local system account? If so, it's because the local service account can't access network resources. If you need your server to interact with other servers, send notifications, forward events to app logs, then you'll need to use a domain account.
Cath
September 25, 2008 at 4:22 am
thanks for your replies
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply