SQL Browser and its' own service account

  • Juanita

    SSCertifiable

    Points: 5300

    HI,

    Question:

    I am installing sql2005 standard edition for the first time. I am on the service account page of the wizard. I had read that it was a good practice to run services with different accounts. So I had our network section set up an account for the sql server service and the sql agent, but wasn't aware of a service called, 'SQL BROWSER'. Might be a silly question but do I also need a service account for the sql browser?

    Thank you,

    Juanita

  • Kirk-1014088

    Grasshopper

    Points: 13

    If you do not have any named instances on the server, then Browser is not necessary. Otherwise, I would say for security and consistency's sake to create an account for the Browser service.

    http://www.perptech.com

  • Juanita

    SSCertifiable

    Points: 5300

    Thank you!

  • EdVassie

    SSC Guru

    Points: 60274

    There are limited situations where SQL Browser is needed, and many installations have the SQL Browser service set to Disabled.

    If you only have 1 SQL instance on your server you never need SQL Browser.

    If you use Kerberos security you never need SQL Browser. Kerberos forces the use of defined ports, and will provide the port number for connection if it is not in the application connection string.

    * If you have multiple SQL instances on your server AND they use dynamic ports then you will need SQL Browser.

    The use of dynamic ports for SQL instances is bad practice, because it can be impossible to provide firewall protection to the server because the ports that need to be opened in the firewall cannot be predicted. (OK, a software firewall can be configured after SQL starts, but hardware F/Ws cannot, and in any case you should not be poking new holes in your F/W on an ad-hoc basis.)

    * If you have multiple SQL instances and you use defined ports BUT your applications do not give the port number in the connection string then you will need SQL Browser.

    IMHO this is laziness. If you have defined ports for SQL Server then there is little reason why your applications cannot provide the port number in the connection string.

    Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.

    When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply