November 6, 2007 at 9:47 am
I read that each sql sever service should run under its own account. In order to ensure that permissions are granted appropriately it is a Best Practice to always use the SQL Server Configuration Management Tool to manage your service accounts. The installation process configures the SQL Server VSS Writer service and the SQL Server Active Directory Helper service to run as a local system account. I want to change the services so they run under their own specific accounts. Since the services don’t show up in the SQL Server Configuration Manager Tool I will have to make this change within Window’s Service Tool. This violates a “Best Practice” approach to administering SQL Server. Why do the services not show up in the SQL Server Configuration Management Tool?
I'm new to this. Thanks for your help!
November 6, 2007 at 2:52 pm
Those Services Operate only on the Local machine and there is no need to change that in fact is possibly the only way to ensure transparent access to VSS.
You should though use configuration manager for the "rest" of the services.
* Noel
November 6, 2007 at 10:19 pm
To piggy-back on what Noel has said..
The SQL Server AD Helper Service allows SQL Server to register objects in Active Directory as needed. When is it needed? When SQL Server isn't running as the local System account or as a Domain Admin level account. Since we typically don't want to run SQL Server under either of these two contexts, the SQL Server AD Helper Service is needed. Why local System? It's because of the permissions required to update objects in AD. You either need to be local System (or its equivalent) or a Domain Admin level account. Obviously, local System is the right choice here.
As far as VSS, that's the Volume Shadow Copy Service. It's used when VSS wants SQL Server to write all of its pages to disk, etc., so a clean and consistent snapshot can be taken. Again, this should only be running locally, and since it's a backup type process, as local System again.
K. Brian Kelley
@kbriankelley
November 7, 2007 at 10:16 am
Thanks so much for your help! I suppose I need to learn to be not so literal.
November 7, 2007 at 10:17 am
Thanks so much for your help!
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply