December 1, 2009 at 10:19 am
we have a service account we use to install sql server and run the services under, my boss would like a justification as to why we do so, googled. didn't find anything that i was satisfied with.
sonal.
December 1, 2009 at 10:29 am
Microsoft Technet statement:
http://technet.microsoft.com/en-us/library/cc966456.aspx
The account should be one to which no single person knows the entire password. The password should be lengthy. The account should only have the necessary permissions to perform sql server tasks - no more, no less. The account should also not be used to login to computers/servers/SSMS for day to day activities by users or DBAs. Occasionally, it should be understood, one may need to login with that account strictly to troubleshoot.
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
December 1, 2009 at 10:38 am
Jason,
The account already exists, the higher ups want a reason why it is needed.
sonal.
December 1, 2009 at 10:44 am
Understood.
Those reasons were included in my response.
1. Security Best Practice
2. It should not be an account used by anybody but the service
3. SQL services should not have any permissions beyond what is absolutely necessary
4. Password to the account used to start those services should not be known by any single person.
5. Using other accounts than a dedicated service account may provide weakened security and easier hackability.
6. LocalSystem should not be used
7. Using a domain admins account (or any other non-dedicated account) could cause the system to stop working if the account expires or is removed. Both of which should not happen to Service Accounts (though a password expiry may occur).
Jason...AKA CirqueDeSQLeil
_______________________________________________
I have given a name to my pain...MCM SQL Server, MVP
SQL RNNR
Posting Performance Based Questions - Gail Shaw[/url]
Learn Extended Events
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply