Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion Groups
DB Engine
SQL ServerMSDESQL Server CE
Services
Analysis (Data Mining)Analysis (OLAP)DTSIntegration ServicesNotification ServicesReporting Services
Programming
CLRConnectivitySQLXML
Other Technologies
ClusteringEnglish QueryFull-Text SearchReplicationService Broker
General
Data WarehousingPerformanceSecuritySetupSQL Server ToolsOther SQL Server Topics
DirectoryUser Groups
Related Topics
MS AccessOther DB ProductsMS Server Products.NET DevelopmentVB DevelopmentJava DevelopmentMore Topics ...
SQL Server Forum / DB Engine / SQL Server / July 2008

Tip: Looking for answers? Try searching our database.

Any risks to change Local System to a domain account ?

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
lindaBztk - 07 Jul 2008 16:10 GMT
Hi All,

   We have a sql server serving for BizTalk in our staging environment
running under "Local System" account. To make the account privilege identical
to production environment, I'd like to change it to a domain account. I
wonder if there'd be any risks for doing that.

   Please advise.

Linda
Reply to this Message
Rick Sawtell - 07 Jul 2008 16:40 GMT
> Hi All,
>
[quoted text clipped - 7 lines]
>
> Linda

Domain Accounts are generally preferred over the Local Service for a variety
of reasons.

Ensure that the Domain Account that you choose however only has the security
levels it needs to perform its duties.  You will also need to ensure that
the domain account has log on as a service right.  For example, a Domain
Admin account is not a good choice.   A domain account that is a local admin
on that server however may be a better choice.

There are a host of other security concerns.  Check the BOL on that.

Rick Sawtell
Reply to this Message
Linchi Shea - 07 Jul 2008 18:11 GMT
Local System account has extensive privileges on the computer. So if may want
to assign the same privileges to the domain account on that computer. See
http://msdn.microsoft.com/en-us/library/ms684190(VS.85).aspx for the list of
privileges. Personally, if the privileges of the Local System account are
required when a domain account is used, I'd simply put that domain account in
the local admin group. This may raise some eyebrows from a security point of
view, but can simplify support--a trade off I'd make and you may want to
consider.

Linchi

> Hi All,
>
[quoted text clipped - 6 lines]
>
> Linda
Reply to this Message
Ekrem Önsoy - 07 Jul 2008 18:33 GMT
Ensure that Domain Account does not expire and disable and locked. Otherwise
your SQL Server may stop one day unexpectedly...

Signature

Ekrem Önsoy

> Hi All,
>
[quoted text clipped - 7 lines]
>
> Linda
Reply to this Message
lindaBztk - 07 Jul 2008 22:06 GMT
Thanks all, very helpful.

Linda
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.