?
Solved

Login FROM system service (LOCAL SYSTEM) TO SQL Server using a different account.

Posted on 2006-10-20
3
Medium Priority
?
206 Views
Last Modified: 2012-05-05
I have a situation where I have numerous workstations that will be running a system service that will both read and write values to a database on a SQL Server. The system service, running under the very permissive LOCAL SYSTEM account (required for the purposes of my application), presents a security issue that I would like to resolve by constraining it's access to the server through a limited user account. I do not want this service to login as LOCAL SYSTEM.

Can this be done? If so what would the connection string look like?

The system service was written in VB.Net and the connection string will have to be hard-coded in as the service runs without any user input.
0
Comment
Question by:kkamm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 29

Expert Comment

by:Nightman
ID: 17773667
It can be done using an SQL login instread of windows authentication. Have a look at www.connectionstrings.com
0
 
LVL 29

Accepted Solution

by:
Nightman earned 1000 total points
ID: 17773681
for SQL 2000, use: "Data Source=MyServer;Initial Catalog=MyDatabase;User Id=myUsername;Password=myPassword"
for SQL 2005, you can use the same, or: "Provider=SQLNCLI;Server=MyServer;Database=MyDatabase;UID=myUsername;PWD=myPassword;"
0
 
LVL 1

Author Comment

by:kkamm
ID: 17774850
I successfully used the connection string described above on a localized database. Unfortunately, upon reflection, I think this problem is a lot more involved than just a connection string issue when it comes to network database access from a system service.

IF the system  service is running as LOCAL SYSTEM on a remote workstation then I don't believe network access to the server is allowed at all for that service and NT Authentication would fail regardless of the validity of the credentials passed to the server. I have to keep this service running on the LOCAL SYSTEM account because it interacts with the Desktop. (Don't ask. It's for workstation locking...)

This leaves me with few options other than to run a second service running in a non-system user context that acts as a proxy between the server and the workstations and THAT is a whole other question thread so I will grant the points based on the question initially asked.

0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Everyone has problem when going to load data into Data warehouse (EDW). They all need to confirm that data quality is good but they don't no how to proceed. Microsoft has provided new task within SSIS 2008 called "Data Profiler Task". It solve th…
In part one, we reviewed the prerequisites required for installing SQL Server vNext. In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Via a live example combined with referencing Books Online, show some of the information that can be extracted from the Catalog Views in SQL Server.
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question