Why use a limited domain account, not local system account, for services?

  • Greetings,

    Most online sources recommend using a "domain account with limited privileges" instead of the local system account, as the account under which SQL Server's various services run. I am trying to understand specifically why this is so.

    If I understand correctly, using the local system account limits anything an intruding user can do to simply that PC, keeping them from being able to get anywhere else in the domain or network. A domain account, no matter how limited, still provides access to an intruder outside the affected PC. I would much appreciate it if someone could explain to me the specifics of why using a "domain account with limited privileges" is recommended, and exactly what the "limited privileges" are.

    I am fairly new to SQL Server, my background is primarily in application and database development, and the security aspect has previously been handled by network staff.

    Thanks,

    Randy

  • Because sometimes the SQL Service needs to be able to access resources other than on the local machine. Other SQL Servers, other database servers, file shares, etc.

    If you make local system the service account, then should someone compromise the SQL, they have the entire machine. If you give the SQL service limited permissions (typically full control over its own folders and read on any network shares that it may need access to), then even if the SQL instance gets compromised, there are limited possibilities for the attacker to do anything to the local server or network.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
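An added example, not from either post in this thread: a PowerShell audit that reports which account each SQL Server service on the host runs under, flags the built-in LocalSystem/LocalService/NetworkService accounts, and lists a folder's ACL so you can confirm the service account holds full control over its own data folder while no broad group has write access. It assumes it is run on the SQL Server host with rights to read services and ACLs; the folder path and account in the example call are placeholders.

```powershell
# Added example, not from the original thread. Audits the logon account of each
# SQL Server service on this host and inspects a data folder's ACL for that account.
# Assumption: run on the SQL Server host by a user allowed to read services and ACLs.

$builtin = @('LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService')

# Engine, Agent, Browser, VSS writer and Integration Services use these name prefixes.
$sqlServices = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -match '^(MSSQL|SQLAgent|SQLBrowser|SQLWriter|MsDtsServer)' }

foreach ($svc in $sqlServices) {
    $account = $svc.StartName
    $verdict = if ($builtin -contains $account) { 'REVIEW: built-in high-privilege account' }
               elseif ($account -like 'NT SERVICE\*') { 'ok: per-service virtual account' }
               else { 'ok: dedicated domain/local account' }
    '{0,-22} {1,-35} {2}' -f $svc.Name, $account, $verdict
}

# List what each identity can do to a folder (e.g. the instance DATA directory) and
# flag broad Allow grants to groups that should not share the service's files.
function Show-FolderAccess {
    param(
        [Parameter(Mandatory)] [string] $Path,     # folder to inspect (assumed path)
        [Parameter(Mandatory)] [string] $Account   # service account, e.g. 'DOMAIN\svc_sql'
    )
    $full  = [System.Security.AccessControl.FileSystemRights]::FullControl
    $broad = @('Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users')
    foreach ($rule in (Get-Acl -Path $Path).Access) {
        $id      = $rule.IdentityReference.Value
        $hasFull = ($rule.FileSystemRights -band $full) -eq $full
        $note = if ($id -eq $Account -and $hasFull) { 'service account: full control' }
                elseif ($broad -contains $id -and $rule.AccessControlType -eq 'Allow') { 'REVIEW: broad grant' }
                else { '' }
        '{0,-40} {1,-6} {2,-30} {3}' -f $id, $rule.AccessControlType, $rule.FileSystemRights, $note
    }
}

# Example call with placeholder values; substitute the real data folder and account.
# Show-FolderAccess -Path 'D:\SQLData' -Account 'DOMAIN\svc_sql'
```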
