Local System Account or Domain Account For SQL Server Service


Post by Ken Stewa » Fri, 23 Nov 2001 03:24:25



For SQL Server 2000 Enterprise Edition on Windows 2000 Advanced
Server, should we use the local system account to run the SQL Server
Service, or a Windows domain account?  I understand some of the
benefits of using a domain account for the agent e.g. SQL Mail,
although this is not supported for SQL Server clusters, but am
clueless when it comes to the server service.

Also, are there some security issues with using the local system
account?  Can a stored procedure writer use xp_cmd to do something
*, like format C:\ ?  If so, what kind of privs do you need to
give to your domain account?

Thanks in advance for sharing your knowledge!

Ken

 
 
 


Post by Ranjit Kurian[M » Fri, 23 Nov 2001 07:41:00


It is preferred to run SQL Server under a domain account. If you use a
local system account then you do not have any network access outside the
box. For clusters it is an absolute must that SQL Server is running under a
domain account and also this account must be part of the local administrator
group of all nodes. SQL Books Online has all this information.

Ranjit

Disclaimer:
This posting is provided AS IS with no warranties, and confers no rights.

 
 
 


Post by David Ga » Fri, 30 Nov 2001 16:35:07


Domain account is preferred, but local system account doesn't add any risk of running xp_cmdshell. You need to restrict your permission on xp_cmdshell. Even if you don't use the system account, the account that SQL Server runs under should be able to do enough damage to you!

David Gao, MCSE, MCDBA
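
The restriction on xp_cmdshell mentioned in the reply above, as an added example that is not part of the original thread. It assumes a sysadmin login connected to the master database and uses only system procedures that ship with SQL Server:

```sql
USE master
GO

-- 1. Report every GRANT/DENY currently recorded for xp_cmdshell.
--    If no explicit permissions exist, sp_helprotect reports that there
--    are no matching rows, which is the desired state.
EXEC sp_helprotect @name = 'xp_cmdshell'
GO

-- 2. Remove execute permission from the public role, so that ordinary
--    logins (including stored procedure writers) cannot call it.
REVOKE EXECUTE ON xp_cmdshell FROM public
GO

-- 3. Members of the sysadmin fixed server role bypass permission checks,
--    and the commands they run through xp_cmdshell execute in the security
--    context of the SQL Server service account. Review this list: it is
--    the set of people who can act as that account on the operating system.
EXEC sp_helpsrvrolemember 'sysadmin'
GO

-- 4. Re-run the report to confirm that public no longer appears.
EXEC sp_helprotect @name = 'xp_cmdshell'
GO
```

Step 3 is the reason the choice of service account still matters after permissions are tightened: whatever rights that account holds on the box are available to every sysadmin.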


 
 
 

1. confusion between local system account and this account in services log on as

BOL states that the local system account is limited to network
rights, replication, etc.
What is the local system account?

If I have a server that is a member server of the domain and the server is
logged on with a domain account, is this account the local system account?
Which user holds the local system account?

Our n/w guys say it's the user who logs on to the system?

What if no one logs on, as when the server has just been restarted and nobody
logs on? The services still do start up. What account do they start up with
then?

What replication factors are limited if the services do start with a local
system account?

I've set up transactional replication to another server and it seems to work
fine with the SQL services logged on as a local system account, but the server is
logged on with a domain account.

btw I am using SQL 7 and NT4

Thanks
