Solved

Login FROM system service (LOCAL SYSTEM) TO SQL Server using a different account.

Posted on 2006-10-20
3
201 Views
Last Modified: 2012-05-05
I have a situation where I have numerous workstations that will be running a system service that will both read and write values to a database on a SQL Server. The system service, running under the very permissive LOCAL SYSTEM account (required for the purposes of my application), presents a security issue that I would like to resolve by constraining it's access to the server through a limited user account. I do not want this service to login as LOCAL SYSTEM.

Can this be done? If so what would the connection string look like?

The system service was written in VB.Net and the connection string will have to be hard-coded in as the service runs without any user input.
0
Comment
Question by:kkamm
  • 2
3 Comments
 
LVL 29

Expert Comment

by:Nightman
ID: 17773667
It can be done using an SQL login instread of windows authentication. Have a look at www.connectionstrings.com
0
 
LVL 29

Accepted Solution

by:
Nightman earned 250 total points
ID: 17773681
for SQL 2000, use: "Data Source=MyServer;Initial Catalog=MyDatabase;User Id=myUsername;Password=myPassword"
for SQL 2005, you can use the same, or: "Provider=SQLNCLI;Server=MyServer;Database=MyDatabase;UID=myUsername;PWD=myPassword;"
0
 
LVL 1

Author Comment

by:kkamm
ID: 17774850
I successfully used the connection string described above on a localized database. Unfortunately, upon reflection, I think this problem is a lot more involved than just a connection string issue when it comes to network database access from a system service.

IF the system  service is running as LOCAL SYSTEM on a remote workstation then I don't believe network access to the server is allowed at all for that service and NT Authentication would fail regardless of the validity of the credentials passed to the server. I have to keep this service running on the LOCAL SYSTEM account because it interacts with the Desktop. (Don't ask. It's for workstation locking...)

This leaves me with few options other than to run a second service running in a non-system user context that acts as a proxy between the server and the workstations and THAT is a whole other question thread so I will grant the points based on the question initially asked.

0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SQL Server Designer 19 40
SqlServer no dupes 25 34
SSIS with VPN COnnection 2 76
what are the unique tables in SQL master database 5 61
When you hear the word proxy, you may become apprehensive. This article will help you to understand Proxy and when it is useful. Let's talk Proxy for SQL Server. (Not in terms of Internet access.) Typically, you'll run into this type of problem w…
I have a large data set and a SSIS package. How can I load this file in multi threading?
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.
Using examples as well as descriptions, and references to Books Online, show the documentation available for datatypes, explain the available data types and show how data can be passed into and out of variables.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question