November 10, 2016 at 4:05 pm
We need to change the service account for one of our SQL Servers - the DB Engine service, not any others. I have followed all of the recommendations from this article to get the account ready:
https://msdn.microsoft.com/en-us/library/ms143504(v=sql.105).aspx
I have made this change on other servers before with success, but I am a nervous about this one, and here's why:
1) it is not under Active Directory
2) the service is currently running as the local Windows Administrator account
3) that account also has a SQL login associated with sysadmin permissions
4) we don't have a proper test environment to mimic/test this change first
5) no one has the windows administrator password, so there is no way for me to be sure that the password for this one and the password for a local administrator account on another server aren't the same (if they are, they would be able to "communicate", which may be facilitating data transfer of some sort)
6) I did not set this up; I inherited it
I know that changing the SQL Agent Service account can be a bit trickier because it can be used to run jobs, but I have never run into a situation where the DB Engine service account was specifically assigned to anything, so I'm not sure what else to look for, if anything.
In this particular case, I have searched all the stored procs to check if it was hard-coded anywhere, and it is not. There is no clustering or mirroring. There is replication, but it has its own user that the replication agents run under.
Can anyone shed some light on what else I may want to consider before making the change? Remember, I have followed the steps from the article, and we obviously will monitor things after the change takes place.
Thanks in advance!
November 11, 2016 at 1:26 am
Would have thought that if you carefully follow the process detailed in that page "Setting Up Windows Service Accounts", you should be safe.
😎
Why don't you set up another instance and test it out? Are there any known accounts with local Windows Administrator privileges?
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply