Solved

setting up SQL Server 2005

Posted on 2007-04-08
3
203 Views
Last Modified: 2010-03-19
I am installing SQL Server 2005 Evaluation version.  I come up to an installation step during the "Microsoft SQL Server 2005 Setup" which says "Service Accounts".  I have the option of selecting "built-in system account" or "domain user account".

What is the difference between these 2?

Thanks.
0
Comment
Question by:billyboy71
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 42

Assisted Solution

by:dqmq
dqmq earned 83 total points
ID: 18872679
They are different because they can have different permissions at the OS level. Built in system account is all-powerful, like a super administrator.  Definately, not the best idea, IMHO, as it exposes your system to unnecessary risk. Domain user account gives you the flexibility to choose different service accounts for different services, each having the appropriate level of OS security that it needs, but no more.

0
 
LVL 6

Accepted Solution

by:
thuannguy earned 42 total points
ID: 18872734
From http://en.wikibooks.org/wiki/SQL_Server_2005/Exam_70-431/Installing_a_New_Instance_of_SQL_Server_2005:
"You can choose between: Network service account, local system account, or a dedicated domain user account.

The Network service account is a special built-in system account that is similar to authenticated user accounts. This account has the same level of access to system resources and objects as members of the Users group. Services that run under this account will use the credentials of the computer account to access network resources. Not recommended to use.

The local system account is a Windows OS account that has full adminstrativve rights on the local computer but has no network rights. You can use this account for development or testing of servers that you do not integrate with other server applications or to interact with any network resources. Not recommended.

Recommended: Create and use one or two dedicated domain user accounts for the SQL Server and SQL Server Agent services. "


In my idea, if you install the MS SQL 2005 in a stand-alone PC, the built-in system account is good enough. However, if you install it in a server of a domain, you should use a dedicated domain user account. With domain user account, you can grant it appropriate access rights to log on, to make backup in another server/pc in the domain and many things else. One more thing, your MS SQL server will not be affected in case there is a change in the built-in system account.
Best regards,
thuannguy
0
 
LVL 42

Assisted Solution

by:dqmq
dqmq earned 83 total points
ID: 18872735
More on domain user account.  Unless, they have already been set up on the domain to support another SQL Server instance, it's far easier to use the local groups with the right permissions that are created by the install.   The reason is because it can be a real pain to get all the permissions right.  If you are too lenient, then you increase the security exposure.  If you are too stingy, your database can't do it's job and will act-up with strange and mysterious errors that are not that easy to track down.

BTW, you can use the Configuration Manager to change the service accounts later.  So, I wouldn't get too hung up on it while installing the demo.  However, service accounts definately need to be one of your security considerations before you implement for real.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
execute a MS SQL script as a schedule SQL job 72 144
SQL Agent Timeout 5 69
SQL Error - Query 6 50
calculate running total 8 15
Introduction: When running hybrid database environments, you often need to query some data from a remote db of any type, while being connected to your MS SQL Server database. Problems start when you try to combine that with some "user input" pass…
INTRODUCTION: While tying your database objects into builds and your enterprise source control system takes a third-party product (like Visual Studio Database Edition or Red-Gate's SQL Source Control), you can achieve some protection using a sing…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question