General information
Forum:
Microsoft SQL Server
Title:
Why use domain account for services, not local system?
Environment versions
SQL Server:
SQL Server 2005
Greetings,
Most online sources recommend using a "domain account with limited privileges" instead of the local system account, as the account under which SQL Server's various services run. I am trying to understand specifically why this is so.
If I understand correctly, using the local system account limits anything an intruding user can do, to simply that PC, keeping them from being able to get anywhere else in the domain or network. A domain account, no matter how limited, still provides access to an intruder, outside the affected PC. I would much appreciate if someone could explain to me the specifics of why using a "domain account with limited privileges" is recommended, and exactly what the "limited privileges" are.
I am fairly new to SQL Server, my background is primarily in application and database development, and the security aspect has previously been handled by network staff.
Thanks,
Randy
Reply
View the map of this thread
View the map of this thread starting from this message only
View all messages of this thread
View all messages of this thread starting from this message only