Solved

setting up SQL Server 2005

Posted on 2007-04-08
3
202 Views
Last Modified: 2010-03-19
I am installing SQL Server 2005 Evaluation version.  I come up to an installation step during the "Microsoft SQL Server 2005 Setup" which says "Service Accounts".  I have the option of selecting "built-in system account" or "domain user account".

What is the difference between these 2?

Thanks.
0
Comment
Question by:billyboy71
  • 2
3 Comments
 
LVL 42

Assisted Solution

by:dqmq
dqmq earned 83 total points
ID: 18872679
They are different because they can have different permissions at the OS level. Built in system account is all-powerful, like a super administrator.  Definately, not the best idea, IMHO, as it exposes your system to unnecessary risk. Domain user account gives you the flexibility to choose different service accounts for different services, each having the appropriate level of OS security that it needs, but no more.

0
 
LVL 6

Accepted Solution

by:
thuannguy earned 42 total points
ID: 18872734
From http://en.wikibooks.org/wiki/SQL_Server_2005/Exam_70-431/Installing_a_New_Instance_of_SQL_Server_2005:
"You can choose between: Network service account, local system account, or a dedicated domain user account.

The Network service account is a special built-in system account that is similar to authenticated user accounts. This account has the same level of access to system resources and objects as members of the Users group. Services that run under this account will use the credentials of the computer account to access network resources. Not recommended to use.

The local system account is a Windows OS account that has full adminstrativve rights on the local computer but has no network rights. You can use this account for development or testing of servers that you do not integrate with other server applications or to interact with any network resources. Not recommended.

Recommended: Create and use one or two dedicated domain user accounts for the SQL Server and SQL Server Agent services. "


In my idea, if you install the MS SQL 2005 in a stand-alone PC, the built-in system account is good enough. However, if you install it in a server of a domain, you should use a dedicated domain user account. With domain user account, you can grant it appropriate access rights to log on, to make backup in another server/pc in the domain and many things else. One more thing, your MS SQL server will not be affected in case there is a change in the built-in system account.
Best regards,
thuannguy
0
 
LVL 42

Assisted Solution

by:dqmq
dqmq earned 83 total points
ID: 18872735
More on domain user account.  Unless, they have already been set up on the domain to support another SQL Server instance, it's far easier to use the local groups with the right permissions that are created by the install.   The reason is because it can be a real pain to get all the permissions right.  If you are too lenient, then you increase the security exposure.  If you are too stingy, your database can't do it's job and will act-up with strange and mysterious errors that are not that easy to track down.

BTW, you can use the Configuration Manager to change the service accounts later.  So, I wouldn't get too hung up on it while installing the demo.  However, service accounts definately need to be one of your security considerations before you implement for real.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article will describe one method to parse a delimited string into a table of data.   Why would I do that you ask?  Let's say that you need to pass multiple parameters into a stored procedure to search for.  For our sake, we'll say that we wa…
by Mark Wills Attending one of Rob Farley's seminars the other day, I heard the phrase "The Accidental DBA" and fell in love with it. It got me thinking about the plight of the newcomer to SQL Server...  So if you are the accidental DBA, or, simp…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question