Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Service Account Expand / Collapse
Author
Message
Posted Monday, April 2, 2012 9:48 PM


SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Wednesday, June 25, 2014 6:20 AM
Points: 159, Visits: 622
What are the best practices of service account in production, test, dev environments for mssqlservice, agent service , browser service ...

please specify


Sagar Sonawane
** Every DBA has his day!!
Post #1277060
Posted Tuesday, April 3, 2012 12:42 AM


Right there with Babe

Right there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with BabeRight there with Babe

Group: General Forum Members
Last Login: Tuesday, July 8, 2014 9:53 AM
Points: 728, Visits: 770
Its the same for all, a domain accout with the minimum privlages, the account needs to be able to run as a service if you apply restricted group policies accross your domain
Post #1277092
Posted Tuesday, April 3, 2012 5:42 AM


SSCoach

SSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoach

Group: General Forum Members
Last Login: Today @ 6:43 AM
Points: 15,511, Visits: 27,891
Depending on what you're trying to do, you may want to use a different account for production and non-production environments in order to prevent any chance of a non-production environment accessing production inappropriately. Other than that, I'd follow the advice of the previous post.

----------------------------------------------------
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood..." Theodore Roosevelt
The Scary DBA
Author of: SQL Server 2012 Query Performance Tuning
SQL Server 2008 Query Performance Tuning Distilled
and
SQL Server Execution Plans

Product Evangelist for Red Gate Software
Post #1277237
Posted Wednesday, April 4, 2012 9:41 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Yesterday @ 4:07 PM
Points: 2,691, Visits: 3,371
In addition to that, only change the service accounts using SQL Server Confiduration Manager. If you change it through the services.msc window, you will create problems.

Thanks,

Jared
SQL Know-It-All

How to post data/code on a forum to get the best help - Jeff Moden
Post #1278187
Posted Wednesday, April 4, 2012 10:37 AM
SSChasing Mays

SSChasing MaysSSChasing MaysSSChasing MaysSSChasing MaysSSChasing MaysSSChasing MaysSSChasing MaysSSChasing Mays

Group: General Forum Members
Last Login: Yesterday @ 3:22 PM
Points: 646, Visits: 3,776
The following goes into some detail...

http://msdn.microsoft.com/en-us/library/ms143504%28v=sql.105%29.aspx
Post #1278233
Posted Wednesday, April 4, 2012 11:08 PM


SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Wednesday, June 25, 2014 6:20 AM
Points: 159, Visits: 622
Replies are appreciable..... Thank you guys...

Sagar Sonawane
** Every DBA has his day!!
Post #1278574
Posted Tuesday, February 25, 2014 9:27 AM
SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Yesterday @ 3:02 PM
Points: 801, Visits: 1,978
Hopefully this post isn't too old to continue the discussion. I've read that it's best practice that every SQL Server service account on every server have its own domain account. No explanation as to WHY, however. This method in a DEV, TEST, PROD environment could result in a great number of accounts.

The earlier comment about DEV and TEST services having different accounts than PROD makes sense. But should each production server have its own domain account sets? I'm curious how people are handling this. I don't want to ask for a lot of accounts that may not be needed. I don't want to mindlessly follow a "best practice" without understanding why it's a best practice. On the other hand, if there's a good reason, I don't want to be responsible for something that would have been prevented by following the best practice.

What are people doing in their shops? Thanks,



Post #1545000
Posted Tuesday, February 25, 2014 9:48 AM


SSCoach

SSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoach

Group: General Forum Members
Last Login: Today @ 6:43 AM
Points: 15,511, Visits: 27,891
RonKyle (2/25/2014)
Hopefully this post isn't too old to continue the discussion. I've read that it's best practice that every SQL Server service account on every server have its own domain account. No explanation as to WHY, however. This method in a DEV, TEST, PROD environment could result in a great number of accounts.

The earlier comment about DEV and TEST services having different accounts than PROD makes sense. But should each production server have its own domain account sets? I'm curious how people are handling this. I don't want to ask for a lot of accounts that may not be needed. I don't want to mindlessly follow a "best practice" without understanding why it's a best practice. On the other hand, if there's a good reason, I don't want to be responsible for something that would have been prevented by following the best practice.

What are people doing in their shops? Thanks,


It's almost a two year old thread. The only people likely to see your follow-up are the ones who have already posted. If you really want to get more information, I'd suggest opening your own thread.

However, not to leave you hanging, no, I wouldn't suggest a different login for every production box, no. But... if you're really, really concerned with security, it is more secure. It's also a heck of a lot more to manage. We didn't do this at my previous organization where we had hundreds of production servers. There were some different logins to wall off certain servers, but other than that, most ran under a common login (by the way, I didn't have access to that login. It was reserved to the security people. We never knew what the password was or anything).


----------------------------------------------------
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood..." Theodore Roosevelt
The Scary DBA
Author of: SQL Server 2012 Query Performance Tuning
SQL Server 2008 Query Performance Tuning Distilled
and
SQL Server Execution Plans

Product Evangelist for Red Gate Software
Post #1545016
Posted Tuesday, February 25, 2014 9:55 AM
SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Yesterday @ 3:02 PM
Points: 801, Visits: 1,978
It's almost a two year old thread.


Probaby shouldn't admit I looked at a last logged in date rather than the posted date. Thanks for the response. I will start a new thread.



Post #1545032
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse