June 6, 2013 at 9:46 pm
Deque (6/6/2013)
In an ideal world, yeah, I agree with that. 🙂 Sometimes exceptions have to be made, though, because some applications require the service account to be a SysAdmin, such as Microsoft BizTalk Server. Sure, you may be able to work it out so the account doesn't require SysAdmin access, but I'm not sure what Microsoft's support stance is going to be if you don't even follow step 1 of their documentation.Of course, that requirement is one of the major reasons why BizTalk Server gets it's own instance in our environment.
Heh... I've seen people change their names overnight because they made such exceptions. Doesn't matter what their name starts out as, it almost always ends up being changed to "hacked". You've done the right thing by giving BizTalk Server its own instance and I'd do the same if forced into using BizTalk.
It's not an ideal world I live in but I'm fortunate that managment usually listens to me when it comes to security and viability of apps. It's unfortunate that a lot of other companies don't listen to their DBAs.
--Jeff Moden
Change is inevitable... Change for the better is not.
June 6, 2013 at 10:17 pm
Deque (6/6/2013)
Of course, that requirement is one of the major reasons why BizTalk Server gets it's own instance in our environment.
If an app logon absolutely requires sysadmin for support purposes I always like to ringfence them into their own instance too.
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
Viewing 2 posts - 16 through 17 (of 17 total)
You must be logged in to reply to this topic. Login to reply