Solved

Login FROM system service (LOCAL SYSTEM) TO SQL Server using a different account.

Posted on 2006-10-20
3
202 Views
Last Modified: 2012-05-05
I have a situation where I have numerous workstations that will be running a system service that will both read and write values to a database on a SQL Server. The system service, running under the very permissive LOCAL SYSTEM account (required for the purposes of my application), presents a security issue that I would like to resolve by constraining it's access to the server through a limited user account. I do not want this service to login as LOCAL SYSTEM.

Can this be done? If so what would the connection string look like?

The system service was written in VB.Net and the connection string will have to be hard-coded in as the service runs without any user input.
0
Comment
Question by:kkamm
  • 2
3 Comments
 
LVL 29

Expert Comment

by:Nightman
ID: 17773667
It can be done using an SQL login instread of windows authentication. Have a look at www.connectionstrings.com
0
 
LVL 29

Accepted Solution

by:
Nightman earned 250 total points
ID: 17773681
for SQL 2000, use: "Data Source=MyServer;Initial Catalog=MyDatabase;User Id=myUsername;Password=myPassword"
for SQL 2005, you can use the same, or: "Provider=SQLNCLI;Server=MyServer;Database=MyDatabase;UID=myUsername;PWD=myPassword;"
0
 
LVL 1

Author Comment

by:kkamm
ID: 17774850
I successfully used the connection string described above on a localized database. Unfortunately, upon reflection, I think this problem is a lot more involved than just a connection string issue when it comes to network database access from a system service.

IF the system  service is running as LOCAL SYSTEM on a remote workstation then I don't believe network access to the server is allowed at all for that service and NT Authentication would fail regardless of the validity of the credentials passed to the server. I have to keep this service running on the LOCAL SYSTEM account because it interacts with the Desktop. (Don't ask. It's for workstation locking...)

This leaves me with few options other than to run a second service running in a non-system user context that acts as a proxy between the server and the workstations and THAT is a whole other question thread so I will grant the points based on the question initially asked.

0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Nowadays, some of developer are too much worried about data. Who is using data, who is updating it etc. etc. Because, data is more costlier in term of money and information. So security of data is focusing concern in days. Lets' understand the Au…
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function
Viewers will learn how to use the SELECT statement in SQL and will be exposed to the many uses the SELECT statement has.

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question