November 20, 2022 at 1:28 pm
Hi All,
We are running on small online web based application and server is workgroup cannot create domain account.
Which is best account to the SQL server -- Default it is running under "NT Service\MSSQLSERVER", can I change this is to local service account. Since our server is getting log on failure and hack as well. Looks like someone hack it and create object using login name "network service", I believe it from web portal injection and they used SQL service run on account.
November 20, 2022 at 5:20 pm
If someone hacked your system - they probably did not get access to SQL Server through the account running SQL Server. That account is a virtual account and will be used in SQL Server regardless of the actual windows account used to run the service.
If you change it to a local service account you will actually be granting additional permissions that could provide elevated access to the OS - which is not available to that virtual account.
In order for someone to be able to even use that account, they have to first gain access to the server as a local administrator - and if you have granted local administrators access to SQL Server that would be your first problem and the most likely source of any hacks.
Jeffrey Williams
“We are all faced with a series of great opportunities brilliantly disguised as impossible situations.”
― Charles R. Swindoll
How to post questions to get better answers faster
Managing Transaction Logs
November 21, 2022 at 4:10 am
Thank you Jeffrey Williams. Then we will run in the same account, but not sure what us the password for that default account.
Can we reset the password. I am further checking with our service provider for port enabled to public etc.
November 21, 2022 at 12:31 pm
We cant reset the default use accounts, these are individual to each server.
You cannot change post install also.
Regards
Durai Nagarajan
November 21, 2022 at 12:42 pm
Thank you confirming Durai, that's what I read after I posted.
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply