Solved

setting up SQL Server 2005

Posted on 2007-04-08
3
204 Views
Last Modified: 2010-03-19
I am installing SQL Server 2005 Evaluation version.  I come up to an installation step during the "Microsoft SQL Server 2005 Setup" which says "Service Accounts".  I have the option of selecting "built-in system account" or "domain user account".

What is the difference between these 2?

Thanks.
0
Comment
Question by:billyboy71
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 42

Assisted Solution

by:dqmq
dqmq earned 83 total points
ID: 18872679
They are different because they can have different permissions at the OS level. Built in system account is all-powerful, like a super administrator.  Definately, not the best idea, IMHO, as it exposes your system to unnecessary risk. Domain user account gives you the flexibility to choose different service accounts for different services, each having the appropriate level of OS security that it needs, but no more.

0
 
LVL 6

Accepted Solution

by:
thuannguy earned 42 total points
ID: 18872734
From http://en.wikibooks.org/wiki/SQL_Server_2005/Exam_70-431/Installing_a_New_Instance_of_SQL_Server_2005:
"You can choose between: Network service account, local system account, or a dedicated domain user account.

The Network service account is a special built-in system account that is similar to authenticated user accounts. This account has the same level of access to system resources and objects as members of the Users group. Services that run under this account will use the credentials of the computer account to access network resources. Not recommended to use.

The local system account is a Windows OS account that has full adminstrativve rights on the local computer but has no network rights. You can use this account for development or testing of servers that you do not integrate with other server applications or to interact with any network resources. Not recommended.

Recommended: Create and use one or two dedicated domain user accounts for the SQL Server and SQL Server Agent services. "


In my idea, if you install the MS SQL 2005 in a stand-alone PC, the built-in system account is good enough. However, if you install it in a server of a domain, you should use a dedicated domain user account. With domain user account, you can grant it appropriate access rights to log on, to make backup in another server/pc in the domain and many things else. One more thing, your MS SQL server will not be affected in case there is a change in the built-in system account.
Best regards,
thuannguy
0
 
LVL 42

Assisted Solution

by:dqmq
dqmq earned 83 total points
ID: 18872735
More on domain user account.  Unless, they have already been set up on the domain to support another SQL Server instance, it's far easier to use the local groups with the right permissions that are created by the install.   The reason is because it can be a real pain to get all the permissions right.  If you are too lenient, then you increase the security exposure.  If you are too stingy, your database can't do it's job and will act-up with strange and mysterious errors that are not that easy to track down.

BTW, you can use the Configuration Manager to change the service accounts later.  So, I wouldn't get too hung up on it while installing the demo.  However, service accounts definately need to be one of your security considerations before you implement for real.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Mark Wills PIVOT is a great facility and solves many an EAV (Entity - Attribute - Value) type transformation where we need the information held as data within a column to become columns in their own right. Now, in some cases that is relatively…
This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question