SQL Server 2012 Local groups

SQLServerCentral is supported by Red Gate Software Ltd.

Popular Topics

Home

Members

Calendar

Who's On

Home » SQL Server 2012 » SQL 2012 - General » SQL Server 2012 Local groups

11 posts, Page 1 of 2

1 2 »»

SQL Server 2012 Local groups

Rate Topic

Display Mode

Topic Options

Author

Message

Brian Brown-204626

Posted Thursday, February 07, 2013 8:16 AM

SSC-Enthusiastic

Group: General Forum Members
Last Login: Tuesday, March 12, 2013 1:35 PM
Points: 137, Visits: 290

I have just installed our first instance of SQL Server 2012 and am having issues. As part of our security setup, we run our services with local users and remove the NT System/NT Authority logins from the instance. In the past, we added the local users to the SQL Server groups to give them the necessary security on the OS. However, I cannot find the groups for 2012. Could someone please point me in the right direction of where they are now?

Post #1417104

It's the Database!!!

Posted Friday, February 08, 2013 8:26 AM

SSC-Enthusiastic

Group: General Forum Members
Last Login: Yesterday @ 7:39 AM
Points: 136, Visits: 307

Have you logged in with sa? If you log in with sa add your group if you do not see it.

Post #1417740

Brian Brown-204626

Posted Friday, February 08, 2013 8:29 AM

SSC-Enthusiastic

Group: General Forum Members
Last Login: Tuesday, March 12, 2013 1:35 PM
Points: 137, Visits: 290

I can add domain groups to the SQL Server instance. I am talking about the Windows groups that were created with SQL2K5 and SQL2K8.

Post #1417741

It's the Database!!!

Posted Friday, February 08, 2013 8:39 AM

SSC-Enthusiastic

Group: General Forum Members
Last Login: Yesterday @ 7:39 AM
Points: 136, Visits: 307

I see, I have never used local groups on my services (windows or default local system account) I have always used a domain service account. However I would not use windows accounts for my services, personal preference. Smile

Post #1417746

Brian Brown-204626

Posted Friday, February 08, 2013 8:45 AM

SSC-Enthusiastic

Group: General Forum Members
Last Login: Tuesday, March 12, 2013 1:35 PM
Points: 137, Visits: 290

To decision to use local users was made above my head. Setting the permissions for the service startup account was done by adding the user into the local Windows group. If we change the service startup account, how do we set the permissions?

Post #1417749

It's the Database!!!

Posted Friday, February 08, 2013 8:49 AM

SSC-Enthusiastic

Group: General Forum Members
Last Login: Yesterday @ 7:39 AM
Points: 136, Visits: 307

Just set it up as a service account in AD, the defaults can be used. Place it on a test box or a box that can be restarted to test to see that it will function correctly. That way you can go above and let them know it works. Just remember you have to restart services for the change to take place.

Post #1417754

Brian Brown-204626

Posted Friday, February 08, 2013 8:53 AM

SSC-Enthusiastic

Group: General Forum Members
Last Login: Tuesday, March 12, 2013 1:35 PM
Points: 137, Visits: 290

I cannot set up any accounts in AD, our security team does that. It was also decides to use a distinct user for every server, which is why they create them locally on the box.

Post #1417757

ksrikanth77

Posted Tuesday, February 12, 2013 12:29 PM

Valued Member

Group: General Forum Members
Last Login: Friday, May 10, 2013 5:51 PM
Points: 54, Visits: 121

Hi,

It is recommended to run the SQL Services on an AD account.So update them the benefits of using a service account as a standard for all the sql server instead of using single user account on each server. This is more secure than using the individual accounts.

Thanks
Srikanth Reddy Kundur

Post #1419148

Brian Brown-204626

Posted Tuesday, February 12, 2013 12:58 PM

SSC-Enthusiastic

Group: General Forum Members
Last Login: Tuesday, March 12, 2013 1:35 PM
Points: 137, Visits: 290

We used to use one AD account for all SQL Server services and another for all SQL Agent services. The service login account were changed after the install was complete, so we granted them both local admin rights on the servers. However, we have an isolated network where we had to conform to Federal requirements, one of which was no AD accounts unless absolutely necessary. We just decided to apply those requirement to all of our servers.

Post #1419162

Richard Fryar

Posted Tuesday, February 12, 2013 5:10 PM

SSC Veteran

Group: General Forum Members
Last Login: Yesterday @ 4:59 AM
Points: 242, Visits: 879

SQL Server 2012 doesn't use local groups anymore (though it does for SSAS).

There's a good explanation here

http://msdn.microsoft.com/en-us/library/ms143504.aspx

FREE DOWNLOAD
www.sqlcopilot.com

Post #1419243

« Prev Topic | Next Topic »

11 posts, Page 1 of 2

1 2 »»

Permissions