Id for ./sqlservice for Agent

Question

Id for ./sqlservice for Agent

shailendra-251422

Ten Centuries

Points: 1111
More actions
July 2, 2007 at 2:18 pm

#177321

The SQL server agent service runs with the id ./sqlservice. The SQL server service also runs with the id ./sqlservice
What is this user? what are the implications of using ./sqlservice and having the service run as some other user?

Viewing 10 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic. Login to reply

K. Brian Kelley SSC Guru Points: 114642 More actions · Answer 1

The ./ means it is a user account on that computer (a local user account). If you look at the list of users for that system using Computer Management, you should see a user called sqlservice. As to whether or not it's a good idea depends on the permissions it has and whether or not you need SQL Server to access network resources, support Kerberos authentication, etc. If you don't need that sort of stuff, it's typically the best security option if the user is not a member of the local Administrators group for the server.

K. Brian Kelley
@kbriankelley

Sugesh Kumar One Orange Chip Points: 27311 More actions · Answer 2

SQLService is a local user in the server running your sql server. With this kind of setup your sql server will not be able to access resources in network and you will have to place everything in your local server machine. its better to run your service in domain account if your server needs to access network resources.

Cheers,
Sugeshkumar Rajendran
SQL Server MVP
http://sugeshkr.blogspot.com

K. Brian Kelley SSC Guru Points: 114642 More actions · Answer 3

This one depends... remember the Principal of Least Privilege: assign only the rights needed. If the SQL Server doesn't have a requirement to access network resources, a local user account is the more secure option.

K. Brian Kelley
@kbriankelley

Sugesh Kumar One Orange Chip Points: 27311 More actions · Answer 4

Brain i have already included this in my post

its better to run your service in domain account if your server needs to access network resources.

this says what you have said

Cheers,
Sugeshkumar Rajendran
SQL Server MVP
http://sugeshkr.blogspot.com

K. Brian Kelley SSC Guru Points: 114642 More actions · Answer 5

I think we're arguing semantics and that's because I misread your post to imply you favor a domain user account. We're both trying to say the same thing: pick the right account based on the rights needed and don't give it any more than that.

K. Brian Kelley
@kbriankelley

Sugesh Kumar One Orange Chip Points: 27311 More actions · Answer 6

That's no problem Brain i just wanted to know if you have any other opinion on the same.

Cheers,
Sugeshkumar Rajendran
SQL Server MVP
http://sugeshkr.blogspot.com

steve block SSCertifiable Points: 7698 More actions · Answer 7

Sugesh,

Did you realize you were calling Brian "Brain"? Not a bad moniker to have.

Steve

K. Brian Kelley SSC Guru Points: 114642 More actions · Answer 8

Yeah, it's kinda nice being referred to as the mouse that tried to take over the world.

K. Brian Kelley
@kbriankelley

Sugesh Kumar One Orange Chip Points: 27311 More actions · Answer 9

Hey i dint realise that i was misspelling. sorry for that Brian(Brain).

Cheers,
Sugeshkumar Rajendran
SQL Server MVP
http://sugeshkr.blogspot.com