What can be serious consequence of using Local System Account or Built Account for SQL Server Service?

  • Hello,

    Could anyone please give any practical scenrio which can represent the serious security breach while using built in system accounts.

    Regards
    VG

  • Vivek

    The main problem is that the Local System account is an admin on the server, which means that SQL Server will, in effect, have access to the whole server.  Somebody could maliciously or accidentally write code that does damages to resources outside of SQL Server, for example using xm_cmdshell.  Conversely, using Local System means you don't have access to resources on different servers, for example to perform backups or restores across the network.

    John

  • John Mitchell-245523 - Thursday, June 15, 2017 4:33 AM

    using Local System means you don't have access to resources on different servers, for example to perform backups or restores across the network.

    This is not quite correct, a service runn8ing under the context NT AUTHORITY\SYSTEM can authenticate to the network via the computer account

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉

  • Thank you John and Perry

    Regards
    VG

Viewing 4 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic. Login to reply