October 14, 2008 at 3:10 am
I'm in the process of planning the changing of some accounts that we use on one of our SQL 2005 Enterprise SP1 Clusters. Currently all instances run using a single very privileged account. So far i'm planning on breaking down the accounts so that there is an AD account for the SQL Server, Agent, Browser and Full Text Search components.
Am i taking it to far by creating seperate accounts for each of the instance aware components in each SQL instance, so that potentially there is;
SQL Server Account Instance 1
SQL Agent Account Instance 1
SQL Full Text Search Account Instance 1
SQL Server Account Instance 2
SQL Agent Account Instance 2
SQL Full Text Search Account Instance 2
SQL Browser Account
Apart from the added complication, does this bring anyother disadvantages?
TIA - Chris.
October 14, 2008 at 4:16 am
Sorry guys, didn't realise this was in the SQL 7, 2000 area... any chance it can be moved?
October 14, 2008 at 8:11 am
I don't think there's anything more than the added complication, which I wouldn't dismiss. If you have a need for the FTS service to really have different rights, then do it. If not, I'd stick with Service/FTS on one account, agent separated out.
October 14, 2008 at 8:30 am
Cheers Steve!
For me, once the initial account creation has been carried out then it shouldn't require anymore administration apart from if the worst where to happen. I was considering a seperate account for each service so that any account compromises would be localised.
Viewing 4 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply