April 26, 2006 at 2:28 pm
I recently started another Job. We currently have SQL 2000 (SP3). The MSSQLServer and SQLServerAgent Services log on with the local administrators account on the SQL Server. This account is Servername\Administrator or .\Administrator. Is this a good practice or a bad practice? On my previous job we used 'sqlagent' as the login or account to log on to Services and to use as the owner of Jobs. The 'sqlagent' login was assigned to the system administrators server role.
Thanks in advance, Kevin
April 26, 2006 at 10:56 pm
It's not a good practice to leave a computer's administrator account as "administrator." That results in a known name in order to try and hack against. What is typically done is the administrator account is renamed (there is such an option in the local security policy) and a dummy account named administrator is created. That "administrator" account is disabled. The reason for this is it gives you an indication if someone is trying to hack the account if you have the appropriate audit logging settings.
As far as the privileges given to the SQL Server and SQL Server Agent accounts, security best practices say minimize the permissions as much as possible (Principle of Least Privilege). That means not running the services with administrative rights. However, it isn't an unusual practice to see such accounts running with administrative rights on a server.
K. Brian Kelley
@kbriankelley
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply