April 24, 2012 at 3:08 pm
I'm working on setting up a method to backup several SQL Servers to a single UNC on another system. The challenge of this, is that the system that will house the file share is joined to a domain, while the SQL Servers are each in a workgroup environment (and this cannot be changed.)
I believe I've sorted out how to do this, but I want to confirm that I've got it right, and won't be opening many (preferably no) security holes. Below are the steps I've taken (in a test environment) to get this to work:
1. Create a local user account on the SQL Server, and a matching account on the share server
2. Grant the account access to the share and the NTFS file system on the share server
3. Install SQL Server, choosing my local account as the SQL Server Service Account
4. Set up my backup job in SQL Agent
5. Done!
This seems to work OK in my test bed, so I think it should be OK in a production environment. I don't want to mess with mapped drives (preferably NO ONE will log into the SQL Server on a regular basis) and local media for the SQL Servers isn't an option (they're virtual machines on Hyper-V) Being workgroup systems, I don't have to worry about changing passwords on the local accounts (which I know *IS* a security hole) but these aren't internet facing servers, so that reduces the risk.
Thank you,
Jason A.
April 24, 2012 at 3:44 pm
jasona.work (4/24/2012)
1. Create a local user account on the SQL Server, and a matching account on the share server2. Grant the account access to the share and the NTFS file system on the share server
3. Install SQL Server, choosing my local account as the SQL Server Service Account
Yes that is pass through authentication 😉
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
April 24, 2012 at 4:27 pm
Re: security holes in pass-through auth (leverages NTLM) existed until recently. Make sure your OS is patched:
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato
April 25, 2012 at 12:53 pm
Thanks to both of you!
Jason A.
Viewing 4 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply