Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 12»»

SQL Server 2012 Local groups Expand / Collapse
Author
Message
Posted Thursday, February 7, 2013 8:16 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Monday, September 9, 2013 8:12 AM
Points: 137, Visits: 297
I have just installed our first instance of SQL Server 2012 and am having issues. As part of our security setup, we run our services with local users and remove the NT System/NT Authority logins from the instance. In the past, we added the local users to the SQL Server groups to give them the necessary security on the OS. However, I cannot find the groups for 2012. Could someone please point me in the right direction of where they are now?
Post #1417104
Posted Friday, February 8, 2013 8:26 AM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Friday, November 14, 2014 8:28 AM
Points: 301, Visits: 597
Have you logged in with sa? If you log in with sa add your group if you do not see it.

MCSA SQL Server 2012
Post #1417740
Posted Friday, February 8, 2013 8:29 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Monday, September 9, 2013 8:12 AM
Points: 137, Visits: 297
I can add domain groups to the SQL Server instance. I am talking about the Windows groups that were created with SQL2K5 and SQL2K8.
Post #1417741
Posted Friday, February 8, 2013 8:39 AM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Friday, November 14, 2014 8:28 AM
Points: 301, Visits: 597
I see, I have never used local groups on my services (windows or default local system account) I have always used a domain service account. However I would not use windows accounts for my services, personal preference.

MCSA SQL Server 2012
Post #1417746
Posted Friday, February 8, 2013 8:45 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Monday, September 9, 2013 8:12 AM
Points: 137, Visits: 297
To decision to use local users was made above my head. Setting the permissions for the service startup account was done by adding the user into the local Windows group. If we change the service startup account, how do we set the permissions?
Post #1417749
Posted Friday, February 8, 2013 8:49 AM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Friday, November 14, 2014 8:28 AM
Points: 301, Visits: 597
Just set it up as a service account in AD, the defaults can be used. Place it on a test box or a box that can be restarted to test to see that it will function correctly. That way you can go above and let them know it works. Just remember you have to restart services for the change to take place.

MCSA SQL Server 2012
Post #1417754
Posted Friday, February 8, 2013 8:53 AM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Monday, September 9, 2013 8:12 AM
Points: 137, Visits: 297
I cannot set up any accounts in AD, our security team does that. It was also decides to use a distinct user for every server, which is why they create them locally on the box.
Post #1417757
Posted Tuesday, February 12, 2013 12:29 PM
Valued Member

Valued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued MemberValued Member

Group: General Forum Members
Last Login: Thursday, September 11, 2014 2:48 PM
Points: 72, Visits: 204
Hi,

It is recommended to run the SQL Services on an AD account.So update them the benefits of using a service account as a standard for all the sql server instead of using single user account on each server. This is more secure than using the individual accounts.

Thanks
Srikanth Reddy Kundur
Post #1419148
Posted Tuesday, February 12, 2013 12:58 PM
SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Monday, September 9, 2013 8:12 AM
Points: 137, Visits: 297
We used to use one AD account for all SQL Server services and another for all SQL Agent services. The service login account were changed after the install was complete, so we granted them both local admin rights on the servers. However, we have an isolated network where we had to conform to Federal requirements, one of which was no AD accounts unless absolutely necessary. We just decided to apply those requirement to all of our servers.
Post #1419162
Posted Tuesday, February 12, 2013 5:10 PM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Thursday, October 2, 2014 8:05 AM
Points: 283, Visits: 1,119
SQL Server 2012 doesn't use local groups anymore (though it does for SSAS).

There's a good explanation here

http://msdn.microsoft.com/en-us/library/ms143504.aspx



Check Your SQL Servers Quickly and Easily
www.sqlcopilot.com
Post #1419243
« Prev Topic | Next Topic »

Add to briefcase 12»»

Permissions Expand / Collapse