June 5, 2008 at 9:46 am
Hi,
Could you provide your views on this..
Do you presently NOT run the SQL Server Account as Local Administrator on your database server?
If so, have this prevented you from using critical features? How did you get around this?
The link below makes reference as to how a critical feature "Automatic Server Restart Feature" is affected if SQL Server Account is NOT ran with sufficient priviledges.
http://msdn.microsoft.com/en-us/library/aa937564%28SQL.80%29.aspx
My question is, based on what you read, are they saying:
To run the "Automatic Server Restart Feature" you should ensure the SQL Server Account logs on with "Log on as a service" rights on the computer in addition to having the following permissions:
* Full control of the main Microsoft® SQL Server™ directory (by default, \Mssql).
* Full control of the SQL Server database files, regardless of storage location.
* The Log on as a service right. Ensure that all logon hours are allowed in the Logon Hours dialog box.
* Full control of registry keys at and below HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer.
* Selection of the Password Never Expires box.
* Full control of registry keys at and below HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSSQLServer.
* Full control of registry keys at and below HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib.
OR
Alternatively if the above is not done, to run the "Automatic Server Restart Feature" the SQL Server Account MUST be a Windows NT account with local administrator privileges to:
* Create SQL Server Agent CmdExec and Microsoft ActiveX® Script jobs not belonging to members of the sysadmin fixed server role.
* Use the automatic server restart feature of SQL Server Agent.
* Create SQL Server Agent jobs to be run when the server is idle.
Basically, do you think they are they laying out two alternatives to solve the issue or just the last one?
If this is so, then this contradicts with another microsoft advisory. Microsoft TechNet’s “Implementation of Server Level Security and Object Level Security” advises against running SQL Server services as Local System/Local Administrator.
See http://www.microsoft.com/technet/prodtechnol/sql/2000/maintain/sp3sec02.mspx
MSSQL Server service should be started as a user level account. This reduces the risk that it can be used by an attacker to increase their privilege on the database server and the network. However, if SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts should not be members of the local Administrators group or run as LocalSystem. The problem with running SQL Server as Local System is that it provides more privilege than is necessary.
Your valued feedback will be appreciated.
Regards,
Lennox
June 5, 2008 at 9:57 am
DO NOT use domain or local administrator. There is no need and no features are lost.
DO NOT use anything other than Enterprise Manager or SETUP to set the account to be used. They will set the correct rights for the account. It is recommended to use a domain user, no privliges other than what is needed to access things on the network.
June 5, 2008 at 10:11 am
So what do you think about this justification
"We do not run SQL Server accounts as Local System. We do, however, use critical features that require the SQL Server Account to run as Local Administrator on the Database Server. An example of a specific critical feature is the automatic Server Restart Feature which allows the SQL Agent to restart SQL Agent and SQL Server Engine at unexpected stops. This feature will not work if the SQL Agent Account is not part of the Local Administrator Group."
Thanks Sharon
June 5, 2008 at 11:24 am
You have no choice there. If you need Agent to restart SQL Server, then you have to do that. However, the local services allow for a restart.
If you have major issues, there's neither restart will work. you'll have to manually fix something.
Viewing 4 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply