Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SQL 2008 R2 and Service Accounts

Posted on 2016-08-28
5
Medium Priority
?
145 Views
Last Modified: 2016-09-01
Documentation and articles say when installing SQL Server (2012) you must use a service account when installing on an active directory domain controller (Windows Server 2008 R2 Standard).  Says that Local System won't work.  I've seen one domain controller server where all SQL services were set to Local System.  So is this really true and forced by the SQL installer?  There are tons of other services on a domain controller that run as Local System.  Also noticed that the sql installer forces you to use Local System on the SQL Browser account, even on a domain controller.  So is this just good advice to use a service account, or is it really a functionality problem?

This is in a small office 5 to 20 users situation.
0
Comment
Question by:AnthonyMCSE
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 83

Accepted Solution

by:
David Johnson, CD, MVP earned 2000 total points
ID: 41774027
good advice only.. System works just fine but has no bars or restrictions (system is the god account).. Many times I've HAD to use system when the generated accounts fail on installation.
0
 
LVL 52

Expert Comment

by:Vitor Montalvão
ID: 41774417
There are tons of other services on a domain controller that run as Local System.
Local System is an account that is used by many programs so very good for an hacker to install a program that uses Local System to access to your SQL Server so is really not a good idea to use it as Service Account.
I've an article written about the SQL Server Service Accounts. Give it a read to know what options do you have.

Also noticed that the sql installer forces you to use Local System on the SQL Browser account, even on a domain controller.  
About the SQL Browser, that's a service only needs by Named Pipes protocol and doesn't have access to any SQL Server instance and that's why you can use Local System.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 41774641
Vitor, SQL Browser is required as soon as the TCP/IP port is dynamic (and/or unknown). Named Pipes does not need SQL Browser at all.
0
 
LVL 52

Expert Comment

by:Vitor Montalvão
ID: 41774660
Thanks Qlemo.
I went to re read the SQL Browser service article and I guess his need is related to named instances and TCP/IP:

"However, if the SQL Server Browser service is not running, the following connections do not work:

•Any component that tries to connect to a named instance without fully specifying all the parameters (such as the TCP/IP port or named pipe).
•Any component that generates or passes server\instance information that could later be used by other components to reconnect.
•Connecting to a named instance without providing the port number or pipe.
•DAC to a named instance or the default instance if not using TCP/IP port 1433.
•The OLAP redirector service.
•Enumerating servers in SQL Server Management Studio, Enterprise Manager, or Query Analyzer."
0
 

Author Closing Comment

by:AnthonyMCSE
ID: 41780785
Thanks!
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question