Solved

SQL 2008 R2 and Service Accounts

Posted on 2016-08-28
5
107 Views
Last Modified: 2016-09-01
Documentation and articles say when installing SQL Server (2012) you must use a service account when installing on an active directory domain controller (Windows Server 2008 R2 Standard).  Says that Local System won't work.  I've seen one domain controller server where all SQL services were set to Local System.  So is this really true and forced by the SQL installer?  There are tons of other services on a domain controller that run as Local System.  Also noticed that the sql installer forces you to use Local System on the SQL Browser account, even on a domain controller.  So is this just good advice to use a service account, or is it really a functionality problem?

This is in a small office 5 to 20 users situation.
0
Comment
Question by:AnthonyMCSE
5 Comments
 
LVL 80

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 41774027
good advice only.. System works just fine but has no bars or restrictions (system is the god account).. Many times I've HAD to use system when the generated accounts fail on installation.
0
 
LVL 49

Expert Comment

by:Vitor Montalvão
ID: 41774417
There are tons of other services on a domain controller that run as Local System.
Local System is an account that is used by many programs so very good for an hacker to install a program that uses Local System to access to your SQL Server so is really not a good idea to use it as Service Account.
I've an article written about the SQL Server Service Accounts. Give it a read to know what options do you have.

Also noticed that the sql installer forces you to use Local System on the SQL Browser account, even on a domain controller.  
About the SQL Browser, that's a service only needs by Named Pipes protocol and doesn't have access to any SQL Server instance and that's why you can use Local System.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 41774641
Vitor, SQL Browser is required as soon as the TCP/IP port is dynamic (and/or unknown). Named Pipes does not need SQL Browser at all.
0
 
LVL 49

Expert Comment

by:Vitor Montalvão
ID: 41774660
Thanks Qlemo.
I went to re read the SQL Browser service article and I guess his need is related to named instances and TCP/IP:

"However, if the SQL Server Browser service is not running, the following connections do not work:

•Any component that tries to connect to a named instance without fully specifying all the parameters (such as the TCP/IP port or named pipe).
•Any component that generates or passes server\instance information that could later be used by other components to reconnect.
•Connecting to a named instance without providing the port number or pipe.
•DAC to a named instance or the default instance if not using TCP/IP port 1433.
•The OLAP redirector service.
•Enumerating servers in SQL Server Management Studio, Enterprise Manager, or Query Analyzer."
0
 

Author Closing Comment

by:AnthonyMCSE
ID: 41780785
Thanks!
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
A procedure for exporting installed hotfix details of remote computers using powershell
Via a live example, show how to setup several different housekeeping processes for a SQL Server.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question