Re: security and service start up account
From: Jay (jay4050@hotmail.com)
Date: 08/13/02
- Next message: Donna Lambert [MS]: "RE: Permission to Users under DB"
- Previous message: Luther Miller: "Re: hotfix error: 'fn_escapecmdshellsymbolsremovequotes' is not a recognized function name"
- In reply to: Donna Lambert [MS]: "RE: security and service start up account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Jay" <jay4050@hotmail.com> Date: Tue, 13 Aug 2002 13:31:22 -0700
thank you all!
"Donna Lambert [MS]" <dlambert@online.microsoft.com> wrote in message
news:eXh3fZtQCHA.964@cpmsftngxa10...
> Jay,
> I'd have to agree with Greg. The only gain you get in a non-active
> directory domain, is that the local system account can't access the
> network. But that machine will be completely vulnerable.
> You should consider using a local account with just enough rights to run
> SQL Server.
> And yes, SQL Agent will need to be a domain account to connect to the
other
> machines on the network.
>
> Hope that helps!
> Donna Lambert
> Microsoft SQL Server Support
>
> Disclaimer:
> This posting is provided "AS IS" with no warranties, and confers no
rights.
>
> Are you secure? For information about the Microsoft Strategic Technology
> Protection Program and to order your FREE Security Tool Kit, please visit
> http://www.microsoft.com/security.
>
>
> Recent viruses on the Internet underscore the threat to all computer users
> and highlight challenges facing the entire industry in providing security
> that everyone needs to conduct business. I encourage you to sign up to
> receive automatic notification of Microsoft Security Bulletins by visiting
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
> bulletin/notify.asp. For more information on security, our Strategic
> Technology Protection Program and to order your FREE Security Tool Kit,
> please visit http://www.microsoft.com/security. We will be happy to answer
> any questions or provide assistance with your security needs.
>
> --------------------
> | From: "Jay" <jay4050@hotmail.com>
> | Subject: security and service start up account
> | Date: Mon, 12 Aug 2002 16:12:17 -0700
> | Lines: 16
> | X-Priority: 3
> | X-MSMail-Priority: Normal
> | X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
> | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
> | Message-ID: <emXyixjQCHA.3216@tkmsftngp12>
> | Newsgroups:
> microsoft.public.sqlserver.security,microsoft.public.sqlserver.server
> | NNTP-Posting-Host: 12.46.184.10
> | Path: cpmsftngxa10!tkmsftngp01!tkmsftngp12
> | Xref: cpmsftngxa10 microsoft.public.sqlserver.server:226628
> microsoft.public.sqlserver.security:7663
> | X-Tomcat-NG: microsoft.public.sqlserver.security
> |
> | currently we are using a domain user account as a service start up
account
> | for sql server and sql agent services. in order to tighten the security
> and
> | to curb spread of viruses, in case a server is infected by a worm in
> future,
> | we are considering to use Local System account to start sql server
> service.
> | but we do receive many FTP download files to feed some of our reporting
> | databases, there are DTS packages that imports these text files (stored
> on a
> | network drive) into sql tables.
> |
> | we think we have to use a domain account for the sql agent service that
> has
> | access to the network drive. is it a proper configuration to use Local
> | System account for sql server service and a domain account for sql agent
> | service? what other options we have?
> |
> |
> |
> |
> |
>
- Next message: Donna Lambert [MS]: "RE: Permission to Users under DB"
- Previous message: Luther Miller: "Re: hotfix error: 'fn_escapecmdshellsymbolsremovequotes' is not a recognized function name"
- In reply to: Donna Lambert [MS]: "RE: security and service start up account"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
