Solved

Login FROM system service (LOCAL SYSTEM) TO SQL Server using a different account.

Posted on 2006-10-20
3
203 Views
Last Modified: 2012-05-05
I have a situation where I have numerous workstations that will be running a system service that will both read and write values to a database on a SQL Server. The system service, running under the very permissive LOCAL SYSTEM account (required for the purposes of my application), presents a security issue that I would like to resolve by constraining it's access to the server through a limited user account. I do not want this service to login as LOCAL SYSTEM.

Can this be done? If so what would the connection string look like?

The system service was written in VB.Net and the connection string will have to be hard-coded in as the service runs without any user input.
0
Comment
Question by:kkamm
  • 2
3 Comments
 
LVL 29

Expert Comment

by:Nightman
ID: 17773667
It can be done using an SQL login instread of windows authentication. Have a look at www.connectionstrings.com
0
 
LVL 29

Accepted Solution

by:
Nightman earned 250 total points
ID: 17773681
for SQL 2000, use: "Data Source=MyServer;Initial Catalog=MyDatabase;User Id=myUsername;Password=myPassword"
for SQL 2005, you can use the same, or: "Provider=SQLNCLI;Server=MyServer;Database=MyDatabase;UID=myUsername;PWD=myPassword;"
0
 
LVL 1

Author Comment

by:kkamm
ID: 17774850
I successfully used the connection string described above on a localized database. Unfortunately, upon reflection, I think this problem is a lot more involved than just a connection string issue when it comes to network database access from a system service.

IF the system  service is running as LOCAL SYSTEM on a remote workstation then I don't believe network access to the server is allowed at all for that service and NT Authentication would fail regardless of the validity of the credentials passed to the server. I have to keep this service running on the LOCAL SYSTEM account because it interacts with the Desktop. (Don't ask. It's for workstation locking...)

This leaves me with few options other than to run a second service running in a non-system user context that acts as a proxy between the server and the workstations and THAT is a whole other question thread so I will grant the points based on the question initially asked.

0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
MS SQL Sever Import/export problem 7 52
Powershell help for creating accounts 283 56
SQL Distinct Question 3 15
Neglected Questions 3 13
Having an SQL database can be a big investment for a small company. Hardware, setup and of course, the price of software all add up to a big bill that some companies may not be able to absorb.  Luckily, there is a free version SQL Express, but does …
This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
Via a live example, show how to extract information from SQL Server on Database, Connection and Server properties
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question