SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


SQL Server 2012 Local groups


SQL Server 2012 Local groups

Author
Message
Brian Brown-204626
Brian Brown-204626
SSChasing Mays
SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)

Group: General Forum Members
Points: 619 Visits: 297
I have just installed our first instance of SQL Server 2012 and am having issues. As part of our security setup, we run our services with local users and remove the NT System/NT Authority logins from the instance. In the past, we added the local users to the SQL Server groups to give them the necessary security on the OS. However, I cannot find the groups for 2012. Could someone please point me in the right direction of where they are now?
lkennedy76
lkennedy76
Hall of Fame
Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)

Group: General Forum Members
Points: 3328 Visits: 919
Have you logged in with sa? If you log in with sa add your group if you do not see it.

MCSA SQL Server 2012
Brian Brown-204626
Brian Brown-204626
SSChasing Mays
SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)

Group: General Forum Members
Points: 619 Visits: 297
I can add domain groups to the SQL Server instance. I am talking about the Windows groups that were created with SQL2K5 and SQL2K8.
lkennedy76
lkennedy76
Hall of Fame
Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)

Group: General Forum Members
Points: 3328 Visits: 919
I see, I have never used local groups on my services (windows or default local system account) I have always used a domain service account. However I would not use windows accounts for my services, personal preference. :-)

MCSA SQL Server 2012
Brian Brown-204626
Brian Brown-204626
SSChasing Mays
SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)

Group: General Forum Members
Points: 619 Visits: 297
To decision to use local users was made above my head. Setting the permissions for the service startup account was done by adding the user into the local Windows group. If we change the service startup account, how do we set the permissions?
lkennedy76
lkennedy76
Hall of Fame
Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)Hall of Fame (3.3K reputation)

Group: General Forum Members
Points: 3328 Visits: 919
Just set it up as a service account in AD, the defaults can be used. Place it on a test box or a box that can be restarted to test to see that it will function correctly. That way you can go above and let them know it works. Just remember you have to restart services for the change to take place.

MCSA SQL Server 2012
Brian Brown-204626
Brian Brown-204626
SSChasing Mays
SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)

Group: General Forum Members
Points: 619 Visits: 297
I cannot set up any accounts in AD, our security team does that. It was also decides to use a distinct user for every server, which is why they create them locally on the box.
ksrikanth77
ksrikanth77
Mr or Mrs. 500
Mr or Mrs. 500 (528 reputation)Mr or Mrs. 500 (528 reputation)Mr or Mrs. 500 (528 reputation)Mr or Mrs. 500 (528 reputation)Mr or Mrs. 500 (528 reputation)Mr or Mrs. 500 (528 reputation)Mr or Mrs. 500 (528 reputation)Mr or Mrs. 500 (528 reputation)

Group: General Forum Members
Points: 528 Visits: 257
Hi,

It is recommended to run the SQL Services on an AD account.So update them the benefits of using a service account as a standard for all the sql server instead of using single user account on each server. This is more secure than using the individual accounts.

Thanks
Srikanth Reddy Kundur
Brian Brown-204626
Brian Brown-204626
SSChasing Mays
SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)SSChasing Mays (619 reputation)

Group: General Forum Members
Points: 619 Visits: 297
We used to use one AD account for all SQL Server services and another for all SQL Agent services. The service login account were changed after the install was complete, so we granted them both local admin rights on the servers. However, we have an isolated network where we had to conform to Federal requirements, one of which was no AD accounts unless absolutely necessary. We just decided to apply those requirement to all of our servers.
Richard Fryar
Richard Fryar
SSC Eights!
SSC Eights! (917 reputation)SSC Eights! (917 reputation)SSC Eights! (917 reputation)SSC Eights! (917 reputation)SSC Eights! (917 reputation)SSC Eights! (917 reputation)SSC Eights! (917 reputation)SSC Eights! (917 reputation)

Group: General Forum Members
Points: 917 Visits: 1172
SQL Server 2012 doesn't use local groups anymore (though it does for SSAS).

There's a good explanation here

http://msdn.microsoft.com/en-us/library/ms143504.aspx


Check Your SQL Servers Quickly and Easily
www.sqlcopilot.com
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search