domain\server$

  • Hi, SQL Server log shows several login failures from the login "domain\server$". What does that mean? I read somewhere that it means that the remote machine is using "network service" to run the service which is connecting to SQL Server. I don't understand what that means and if I need to change something or if the app team needs to make a change.

    Does the $ on the end indicate a system created object in AD?

    Thanks for reading.

  • First - AD accounts that end in $ are accounts that are created when a server or workstation is added to the domain. The name of the account is the same as the server name suffixed with $.

    So, yes, network service is the likely reason. As for whether anything needs to be changed - well, that is entirely up to you and your organisation. It may be correct for the service to be using this account. Personally, I prefer to create specific accounts that can be given the minimum set of privileges for a particular function/application - this limits the potential for problems if there are any security breaches. This is the reason that you have proxies available within SQL Server Agent.

  • Thanks happycat. I'm going to advise the application team to use a service account instead.

  • happycat59 (9/23/2013)

    So, yes, network service is the likely reason.

    Just to note here--the built-in LocalSystem account also authenticates as the computer on the network, so would also be connecting with DOMAIN\SERVER$ credentials; people often forget that one because they think from the name that account only has local access, which is not the case. The LocalService account (which I think was added in Windows 2008) presents anonymous credentials on the network, so behaves more like people think LocalSystem does.

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply