Solved

setting up SQL Server 2005

Posted on 2007-04-08
3
201 Views
Last Modified: 2010-03-19
I am installing SQL Server 2005 Evaluation version.  I come up to an installation step during the "Microsoft SQL Server 2005 Setup" which says "Service Accounts".  I have the option of selecting "built-in system account" or "domain user account".

What is the difference between these 2?

Thanks.
0
Comment
Question by:billyboy71
  • 2
3 Comments
 
LVL 42

Assisted Solution

by:dqmq
dqmq earned 83 total points
ID: 18872679
They are different because they can have different permissions at the OS level. Built in system account is all-powerful, like a super administrator.  Definately, not the best idea, IMHO, as it exposes your system to unnecessary risk. Domain user account gives you the flexibility to choose different service accounts for different services, each having the appropriate level of OS security that it needs, but no more.

0
 
LVL 6

Accepted Solution

by:
thuannguy earned 42 total points
ID: 18872734
From http://en.wikibooks.org/wiki/SQL_Server_2005/Exam_70-431/Installing_a_New_Instance_of_SQL_Server_2005:
"You can choose between: Network service account, local system account, or a dedicated domain user account.

The Network service account is a special built-in system account that is similar to authenticated user accounts. This account has the same level of access to system resources and objects as members of the Users group. Services that run under this account will use the credentials of the computer account to access network resources. Not recommended to use.

The local system account is a Windows OS account that has full adminstrativve rights on the local computer but has no network rights. You can use this account for development or testing of servers that you do not integrate with other server applications or to interact with any network resources. Not recommended.

Recommended: Create and use one or two dedicated domain user accounts for the SQL Server and SQL Server Agent services. "


In my idea, if you install the MS SQL 2005 in a stand-alone PC, the built-in system account is good enough. However, if you install it in a server of a domain, you should use a dedicated domain user account. With domain user account, you can grant it appropriate access rights to log on, to make backup in another server/pc in the domain and many things else. One more thing, your MS SQL server will not be affected in case there is a change in the built-in system account.
Best regards,
thuannguy
0
 
LVL 42

Assisted Solution

by:dqmq
dqmq earned 83 total points
ID: 18872735
More on domain user account.  Unless, they have already been set up on the domain to support another SQL Server instance, it's far easier to use the local groups with the right permissions that are created by the install.   The reason is because it can be a real pain to get all the permissions right.  If you are too lenient, then you increase the security exposure.  If you are too stingy, your database can't do it's job and will act-up with strange and mysterious errors that are not that easy to track down.

BTW, you can use the Configuration Manager to change the service accounts later.  So, I wouldn't get too hung up on it while installing the demo.  However, service accounts definately need to be one of your security considerations before you implement for real.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article will provide a solution for an error that might occur installing a new SQL 2005 64-bit cluster. This article will assume that you are fully prepared to complete the installation and describes the error as it occurred durin…
I've encountered valid database schemas that do not have a primary key.  For example, I use LogParser from Microsoft to push IIS logs into a SQL database table for processing and analysis.  However, occasionally due to user error or a scheduled task…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …

778 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question