Solved

setting up SQL Server 2005

Posted on 2007-04-08
3
199 Views
Last Modified: 2010-03-19
I am installing SQL Server 2005 Evaluation version.  I come up to an installation step during the "Microsoft SQL Server 2005 Setup" which says "Service Accounts".  I have the option of selecting "built-in system account" or "domain user account".

What is the difference between these 2?

Thanks.
0
Comment
Question by:billyboy71
  • 2
3 Comments
 
LVL 42

Assisted Solution

by:dqmq
dqmq earned 83 total points
ID: 18872679
They are different because they can have different permissions at the OS level. Built in system account is all-powerful, like a super administrator.  Definately, not the best idea, IMHO, as it exposes your system to unnecessary risk. Domain user account gives you the flexibility to choose different service accounts for different services, each having the appropriate level of OS security that it needs, but no more.

0
 
LVL 6

Accepted Solution

by:
thuannguy earned 42 total points
ID: 18872734
From http://en.wikibooks.org/wiki/SQL_Server_2005/Exam_70-431/Installing_a_New_Instance_of_SQL_Server_2005:
"You can choose between: Network service account, local system account, or a dedicated domain user account.

The Network service account is a special built-in system account that is similar to authenticated user accounts. This account has the same level of access to system resources and objects as members of the Users group. Services that run under this account will use the credentials of the computer account to access network resources. Not recommended to use.

The local system account is a Windows OS account that has full adminstrativve rights on the local computer but has no network rights. You can use this account for development or testing of servers that you do not integrate with other server applications or to interact with any network resources. Not recommended.

Recommended: Create and use one or two dedicated domain user accounts for the SQL Server and SQL Server Agent services. "


In my idea, if you install the MS SQL 2005 in a stand-alone PC, the built-in system account is good enough. However, if you install it in a server of a domain, you should use a dedicated domain user account. With domain user account, you can grant it appropriate access rights to log on, to make backup in another server/pc in the domain and many things else. One more thing, your MS SQL server will not be affected in case there is a change in the built-in system account.
Best regards,
thuannguy
0
 
LVL 42

Assisted Solution

by:dqmq
dqmq earned 83 total points
ID: 18872735
More on domain user account.  Unless, they have already been set up on the domain to support another SQL Server instance, it's far easier to use the local groups with the right permissions that are created by the install.   The reason is because it can be a real pain to get all the permissions right.  If you are too lenient, then you increase the security exposure.  If you are too stingy, your database can't do it's job and will act-up with strange and mysterious errors that are not that easy to track down.

BTW, you can use the Configuration Manager to change the service accounts later.  So, I wouldn't get too hung up on it while installing the demo.  However, service accounts definately need to be one of your security considerations before you implement for real.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

I've encountered valid database schemas that do not have a primary key.  For example, I use LogParser from Microsoft to push IIS logs into a SQL database table for processing and analysis.  However, occasionally due to user error or a scheduled taskā€¦
In this article we will get to know that how can we recover deleted data if it happens accidently. We really can recover deleted rows if we know the time when data is deleted by using the transaction log.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now