February 7, 2013 at 8:16 am
I have just installed our first instance of SQL Server 2012 and am having issues. As part of our security setup, we run our services with local users and remove the NT System/NT Authority logins from the instance. In the past, we added the local users to the SQL Server groups to give them the necessary security on the OS. However, I cannot find the groups for 2012. Could someone please point me in the right direction of where they are now?
February 8, 2013 at 8:26 am
Have you logged in with sa? If you log in with sa add your group if you do not see it.
MCSE SQL Server 2012\2014\2016
February 8, 2013 at 8:29 am
I can add domain groups to the SQL Server instance. I am talking about the Windows groups that were created with SQL2K5 and SQL2K8.
February 8, 2013 at 8:39 am
I see, I have never used local groups on my services (windows or default local system account) I have always used a domain service account. However I would not use windows accounts for my services, personal preference. 🙂
MCSE SQL Server 2012\2014\2016
February 8, 2013 at 8:45 am
To decision to use local users was made above my head. Setting the permissions for the service startup account was done by adding the user into the local Windows group. If we change the service startup account, how do we set the permissions?
February 8, 2013 at 8:49 am
Just set it up as a service account in AD, the defaults can be used. Place it on a test box or a box that can be restarted to test to see that it will function correctly. That way you can go above and let them know it works. Just remember you have to restart services for the change to take place.
MCSE SQL Server 2012\2014\2016
February 8, 2013 at 8:53 am
I cannot set up any accounts in AD, our security team does that. It was also decides to use a distinct user for every server, which is why they create them locally on the box.
February 12, 2013 at 12:29 pm
Hi,
It is recommended to run the SQL Services on an AD account.So update them the benefits of using a service account as a standard for all the sql server instead of using single user account on each server. This is more secure than using the individual accounts.
Thanks
Srikanth Reddy Kundur
February 12, 2013 at 12:58 pm
We used to use one AD account for all SQL Server services and another for all SQL Agent services. The service login account were changed after the install was complete, so we granted them both local admin rights on the servers. However, we have an isolated network where we had to conform to Federal requirements, one of which was no AD accounts unless absolutely necessary. We just decided to apply those requirement to all of our servers.
February 12, 2013 at 5:10 pm
SQL Server 2012 doesn't use local groups anymore (though it does for SSAS).
There's a good explanation here
February 13, 2013 at 7:51 am
The link explaned what it is doing, but not why they decided to stop using the local Windows groups.
Viewing 11 posts - 1 through 10 (of 10 total)
You must be logged in to reply to this topic. Login to reply