September 30, 2009 at 6:55 am
I'm currently using a domain admin account as the log on acct for the SQL services.
Is it best to use Local System Acct?
Are there any good reasons to use my domain admin acct?
Any input is [always] appreciated.
John B <- is taking off the ACCESS training wheels 🙂
September 30, 2009 at 7:09 am
As far as using a domain account or local account it depends on the security policies and guidelines for your company. I would check with your Security Officer (or whoever handles the IT policies for your company) to see if there is a standard to be followed.
With using a domain admin account it does not follow the principle of least privilege. You can create a local or domain account, then if you change the service account through the Configuration Manager, it will apply the least amount of permissions needed for the account to run SQL services.
Using Local System account would cause some restrictions if using SQL Agent jobs that need to access a network share or resource. As well it is more secure to use a dedicated user account, whether it be local or domain.
This is a document used by VISA that I came across that has some good points in security with regards to service accounts.
EDIT: Missed the comment on Local System account.
Shawn Melton
Twitter: @wsmelton
Blog: wsmelton.github.com
Github: wsmelton
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply