Pau Lo

<div>
Yes, don't do it.<br />
<br />
You cannot tier isolate it<br />
You should apply PSO with stronger password to elevated accounts<br />
You might leak the hash which can then be offline cracked or checked on hashkiller<br />
Should not be able to do admin from a user session without explicitly elevating<br />
Elevated accounts should have more rigorous auditing <br />
etc.
</div>


Yes, don't do it.

You cannot tier isolate it
You should apply PSO with stronger password to elevated accounts
You might leak the hash which can then be offline cracked or checked on hashkiller
Should not be able to do admin from a user session without explicitly elevating
Elevated accounts should have more rigorous auditing
etc.

<div>
<div class="content wysiwyg-content">
Is there any major security benefit/other benefit in setting up DBA's with a separate AD account for day to day activities and then an elevated account for when they do their DBA work? I can understand the logic when it comes to tasks such as browsing the Internet as if you got some nasty malware as a domain admin for example it could cause carnage, but if a standard user account is added SYSADMIN privileges to live DB servers is that really a dangerous thing or should they have a second account for doing their DBA duties. Do you use multiple accounts in your role as a DBA?
</div>
</div>


Is there any major security benefit/other benefit in setting up DBA's with a separate AD account for day to day activities and then an elevated account for when they do their DBA work? I can understand the logic when it comes to tasks such as browsing the Internet as if you got some nasty malware as a domain admin for example it could cause carnage, but if a standard user account is added SYSADMIN privileges to live DB servers is that really a dangerous thing or should they have a second account for doing their DBA duties. Do you use multiple accounts in your role as a DBA?

DBA accounts best practice

Databases are organized collections of data, most commonly accessed through management systems including schemas, tables, queries and processes that allow users to enter and manipulate the information or utilize it in other fashions, such as with web applications or for reporting purposes.

Databases

Microsoft SQL Server is a suite of relational database management system (RDBMS) products providing multi-user database access functionality.SQL Server is available in multiple versions, typically identified by release year, and versions are subdivided into editions to distinguish between product functionality. Component services include integration (SSIS), reporting (SSRS), analysis (SSAS), data quality, master data, T-SQL and performance tuning.

Microsoft SQL Server

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.