Solved

Login FROM system service (LOCAL SYSTEM) TO SQL Server using a different account.

Posted on 2006-10-20
3
199 Views
Last Modified: 2012-05-05
I have a situation where I have numerous workstations that will be running a system service that will both read and write values to a database on a SQL Server. The system service, running under the very permissive LOCAL SYSTEM account (required for the purposes of my application), presents a security issue that I would like to resolve by constraining it's access to the server through a limited user account. I do not want this service to login as LOCAL SYSTEM.

Can this be done? If so what would the connection string look like?

The system service was written in VB.Net and the connection string will have to be hard-coded in as the service runs without any user input.
0
Comment
Question by:kkamm
  • 2
3 Comments
 
LVL 29

Expert Comment

by:Nightman
ID: 17773667
It can be done using an SQL login instread of windows authentication. Have a look at www.connectionstrings.com
0
 
LVL 29

Accepted Solution

by:
Nightman earned 250 total points
ID: 17773681
for SQL 2000, use: "Data Source=MyServer;Initial Catalog=MyDatabase;User Id=myUsername;Password=myPassword"
for SQL 2005, you can use the same, or: "Provider=SQLNCLI;Server=MyServer;Database=MyDatabase;UID=myUsername;PWD=myPassword;"
0
 
LVL 1

Author Comment

by:kkamm
ID: 17774850
I successfully used the connection string described above on a localized database. Unfortunately, upon reflection, I think this problem is a lot more involved than just a connection string issue when it comes to network database access from a system service.

IF the system  service is running as LOCAL SYSTEM on a remote workstation then I don't believe network access to the server is allowed at all for that service and NT Authentication would fail regardless of the validity of the credentials passed to the server. I have to keep this service running on the LOCAL SYSTEM account because it interacts with the Desktop. (Don't ask. It's for workstation locking...)

This leaves me with few options other than to run a second service running in a non-system user context that acts as a proxy between the server and the workstations and THAT is a whole other question thread so I will grant the points based on the question initially asked.

0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

Introduction In my previous article (http://www.experts-exchange.com/Microsoft/Development/MS-SQL-Server/SSIS/A_9150-Loading-XML-Using-SSIS.html) I showed you how the XML Source component can be used to load XML files into a SQL Server database, us…
Everyone has problem when going to load data into Data warehouse (EDW). They all need to confirm that data quality is good but they don't no how to proceed. Microsoft has provided new task within SSIS 2008 called "Data Profiler Task". It solve th…
Familiarize people with the process of utilizing SQL Server functions from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Ac…
This video shows, step by step, how to configure Oracle Heterogeneous Services via the Generic Gateway Agent in order to make a connection from an Oracle session and access a remote SQL Server database table.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now