Link to home
Start Free TrialLog in
Avatar of 25112
25112

asked on

sql services

do the below look OK/appropriate.. are any of the service accounts not best?

i see in
http://social.msdn.microsoft.com/Forums/en-US/sqlsecurity/thread/2986a020-b1bd-46a9-8f97-dbd439664f6a/
that locaservice is not a good idea..
sa.jpg
ASKER CERTIFIED SOLUTION
Avatar of dqmq
dqmq
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of 25112
25112

ASKER

OK I see what you are saying.. other than that, are all the other services ok/appropriate?
SOLUTION
Avatar of JHolycloud
JHolycloud
Flag of Indonesia image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of dqmq
dqmq
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of 25112
25112

ASKER

OK-
JHolycloud - you are recommending a domain account and dqmq would recommend a local account, is that right? (just trying to make sure I understand correctly)

dqmq : the following says Managed Service Account not applicable for SS?
http://technet.microsoft.com/en-us/library/ff641729%28WS.10%29.aspx
SOLUTION
Avatar of mastoo
mastoo
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of 25112
25112

ASKER

>>For stronger security, it's preferable to use special service accounts with strong passwords
what are these special service accounts?
Avatar of 25112
25112

ASKER

>>Using a domain account for sql can be more convenient but is less secure.
what is the alternative you would suggest ? local accounts or OS default accounts (local service etc)
SOLUTION
Avatar of mastoo
mastoo
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of dqmq
dqmq
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of 25112
25112

ASKER

mastoo, if the app server needs to access sql server, then it is needing network, right? your app and db are on the same server? and hence not needing network?
Avatar of 25112
25112

ASKER

   >>Local Accounts that you create and dedicate to the service.
you are referring to one of the below?
LocalService
    NetworkService
    LocalSystem

can they still be able to work domain wide communication to other servers for data transfers?
SOLUTION
Avatar of mastoo
mastoo
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of dqmq
dqmq
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of 25112
25112

ASKER

mastoo, do you use built-in or dedicated accounts in your case - when you mentioned that you do not need network access for sql service account.

>> It would just be "outbound" things from sql that would necessitate network credentials.
app server initiates the request, right? so it will be 2-way always?

thanks for confirming, dqmq
SOLUTION
Avatar of mastoo
mastoo
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of 25112
25112

ASKER

thanks for the pro & con.