Cluster Security Policy

  • While installing SQL Server 2008, in the Cluster Security Policy dialog box, could anyone please explain the use of service SIDs (recommended) and domain groups for all SQL Server services?

  • From reading the documentation, I got the information below:

    In Windows Server 2003, you cannot leverage service SIDs. Specify domain groups for SQL Server services. All resource permissions are controlled by domain-level groups that include SQL Server service accounts as group members.

    Service SIDs do bind with the Windows service.

    Still, I want more explanation on this if anyone can provide it.

    Thanks

    Chhavi

  • chhavinathmishra (11/15/2011)


    From reading the documentation, I got the information below:

    In Windows Server 2003, you cannot leverage service SIDs. Specify domain groups for SQL Server services. All resource permissions are controlled by domain-level groups that include SQL Server service accounts as group members.

    Service SIDs do bind with the Windows service.

    Still, I want more explanation on this if anyone can provide it.

    Thanks

    Chhavi

    Using Startup Accounts for SQL Server Services

    ________________________________________

    To start and run, each service in SQL Server must have an account configured during installation. Startup accounts used to start and run SQL Server can be built-in system accounts, local user accounts, or domain user accounts.

    Domain User Account

    If the service must interact with network services, access domain resources like file shares or if it uses linked server connections to other computers running SQL Server, you might use a minimally-privileged domain account. Many server-to-server activities can be performed only with a domain user account. This account should be pre-created by domain administration in your environment.

    Local User Account

    If the computer is not part of a domain, a local user account without Windows administrator permissions is recommended.

    Local Service Account

    The Local Service account is a built-in account that has the same level of access to resources and objects as members of the Users group. This limited access helps safeguard the system if individual services or processes are compromised. Services that run as the Local Service account access network resources as a null session without credentials. Be aware that the Local Service account is not supported for the SQL Server or SQL Server Agent services. The actual name of the account is "NT AUTHORITY\LOCAL SERVICE".

    Network Service Account

    The Network Service account is a built-in account that has more access to resources and objects than members of the Users group. Services that run as the Network Service account access network resources by using the credentials of the computer account. The actual name of the account is "NT AUTHORITY\NETWORK SERVICE".

    Local System Account

    Local System is a very high-privileged built-in account. It has extensive privileges on the local system and acts as the computer on the network. The actual name of the account is "NT AUTHORITY\SYSTEM".
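
On the service SID option asked about in this thread: a per-service SID is derived from the service name alone (SHA-1 of the upper-cased UTF-16LE name, placed under S-1-5-80), which is why it follows the Windows service rather than whichever startup account is configured. The following is an added example, not part of the original posts or of the SQL Server documentation; the ACL listing, the CONTOSO group name and the helper names are constructed for illustration.

```python
import hashlib
import struct

# Per-service SIDs live under NT AUTHORITY with the sub-authority 80.
SERVICE_SID_PREFIX = "S-1-5-80"


def service_sid(service_name):
    """Derive the per-service SID for a Windows service name."""
    # The name is upper-cased and hashed as UTF-16LE, so the result is
    # case-insensitive and depends only on the service name.
    digest = hashlib.sha1(service_name.upper().encode("utf-16-le")).digest()
    # The 20-byte digest becomes five little-endian 32-bit sub-authorities.
    subauthorities = struct.unpack("<5I", digest)
    return "-".join([SERVICE_SID_PREFIX] + [str(s) for s in subauthorities])


def match_service_acl(acl_entries, service_names):
    """Resolve S-1-5-80-* trustees in an ACL listing to known service names.

    Trustees that are not service SIDs (for example domain groups) are
    skipped; service SIDs that match no expected service are flagged.
    """
    known = {service_sid(name): name for name in service_names}
    resolved = []
    for trustee, rights in acl_entries:
        if trustee.startswith(SERVICE_SID_PREFIX + "-"):
            owner = known.get(trustee, "<unknown service>")
            resolved.append((trustee, owner, rights))
    return resolved


# Constructed sample: an ACL on a data directory, as (trustee, rights) pairs.
# MSSQLSERVER and SQLSERVERAGENT are the default-instance service names.
EXPECTED_SERVICES = ["MSSQLSERVER", "SQLSERVERAGENT"]
SAMPLE_ACL = [
    (service_sid("MSSQLSERVER"), "FullControl"),
    ("CONTOSO\\SQLServiceGroup", "Modify"),   # domain-group model instead
    ("S-1-5-80-1-2-3-4-5", "Modify"),         # service SID nobody expects
]

if __name__ == "__main__":
    for trustee, owner, rights in match_service_acl(SAMPLE_ACL, EXPECTED_SERVICES):
        print(f"{owner:20} {rights:12} {trustee}")
```

An unresolved `S-1-5-80-*` trustee on a SQL Server directory or registry key is worth a look during a permissions review, since it grants access to some other service on the machine.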
