January 30, 2007 at 11:06 am
I would like to change the id that SQL server runs under from (domain name\sqladmin ) to SA. Last night after a patch was installed the id 'domain name\sqladmin' was locked and the production database was unable to come up. I had the id unlocked and was able to get the database restarted. The same problem occurred with patches to dev and UAT. The MS SQL service and the SQL Agent is supposed to start when the OS starts but it fails to start as the box is checked. It looks like there is some configuration problem with this server. Should I change this to start under SA? Or should I let the SA check for any configuration problem? Could you let me know how to take care of this?
Thank you,
January 30, 2007 at 11:21 am
You can change the logon account used by the MSSQLServer service.
Start > Run > Services.msc
Right-click the MSSQL service, properties, and change the logon account at the Logon tab.
January 30, 2007 at 12:00 pm
I'm not sure if I would use the SA account to start SQL Server. What you may want to do is find out why the sqladmin account was locked out, you may have someone attempting to use that login somewhere on your network which in itself is not good. Also, you may want to stay away from sqladmin as an account name as that would be one of the first accounts to hack in a network attack. Maybe I'm paranoid, but I normally switch my port from the standard 1433 and come up with a totally different name utilzing a combination of the servername and function for the account.
Marvin Dillard
Senior Consultant
Claraview Inc
January 30, 2007 at 12:07 pm
- You should run sqlserver using an "own" sqlserver-domain account that serves only that sqlserver (or a group of sqlservers if you want to)
- Be carefull when changing the serviceaccount using servicemanager ! If you can use Enterprise manager, because it sets the needed authorities for the given account (as well windows as sqlserver auth) !!
- You should find out why your domain-account (domain\sqladmin) was locked ! If sqlserver is served by an account that has been locked out, it is normal (and wishfull) that the sqlserver does not start
- most sqldba's revoke "builtin\administrators" from sqlserver ! (we always revoke that spacial windows group) This means you cannot change the service account to "local system" using service manager !
- We use dedicated domain-accounts for sqlserver services. They are only used for one sqlserver instance ! In some exceptions the get granted auth. to other sqlserver-instances because of application-needs, but that is very rare.
Johan
Learn to play, play to learn !
Dont drive faster than your guardian angel can fly ...
but keeping both feet on the ground wont get you anywhere :w00t:
- How to post Performance Problems
- How to post data/code to get the best help[/url]
- How to prevent a sore throat after hours of presenting ppt
press F1 for solution, press shift+F1 for urgent solution 😀
Need a bit of Powershell? How about this
Who am I ? Sometimes this is me but most of the time this is me
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply