RE: Windows Authentication in a NT domain vs in an Active Director
From: Peter (Peter_at_discussions.microsoft.com)
Date: 02/28/05
- Next message: Simon: "EM does not display Login Name"
- Previous message: John Bell: "Re: SQL Server Agent Jobs."
- In reply to: Kevin McDonnell [MSFT]: "RE: Windows Authentication in a NT domain vs in an Active Director"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 27 Feb 2005 17:29:03 -0800
Hi Kevin,
Thanks for your reply.
Peter
"Kevin McDonnell [MSFT]" wrote:
> Responses inline:
>
> 1. Does SPN exist for a Windows 2000 server or Windows XP machine in a
> Windows NT domain? How about in a Windows 2000 domain without Active
> Directory?
>
> --- Not in a Windows NT domain. SPN's will exist for the hostname for
> machine in AD.
> SPN's don't exist for SQL unless the service is running under localsystem,
> which is not recommended. Only the Domain Admin has privileges to add a new
> SPN for SQL.
>
> Also, you can't add SPN's for a server with Dynamic ports because the port
> number is part of the SPN.
> The server must be using Static ports.
>
> 2. How to use the setspn.exe to create and list SPN for an instance of SQL
> Server (e.g the server instance is PETER\TEST1, domain name is W2KDOMAIN, SQL
> Server service is using W2KDOMAIN\PETER to start the service)?
>
> --- Setspn -A MSSQLSvc/VirtualSQLServerNameHere.W2KDOMAIN:PortNumber Peter
>
> See the kb for example.
> 319723 INF: SQL Server 2000 Kerberos support including SQL Server virtual
> http://support.microsoft.com/?id=319723
>
>
> 3. Same as #2 except SQL Server service is using local system account to
> start the service.
>
> localsystem is not recommended for Standalone service accounts, nor
> Clustered Servers.
> It should be a domain account per the following article on Virtual SQL
> Server accounts.
>
> 239885 How to change service accounts on a SQL virtual server
> http://support.microsoft.com/?id=239885
>
>
>
> Thanks,
>
> Kevin McDonnell
> Microsoft Corporation
>
> This posting is provided AS IS with no warranties, and confers no rights.
>
>
>
>
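Added example, not part of the original posts: a Python check over captured `setspn -L` output that confirms an `MSSQLSvc/host:port` SPN for the static port is registered on the service account, comparing host names case-insensitively. The FQDN `peter.w2kdomain.example`, port 2433 and the sample listing are constructed assumptions.

```python
import re

# Constructed sample of `setspn -L W2KDOMAIN\PETER` output (not from the post);
# the FQDN and port 2433 are made-up values.
SAMPLE_LISTING = (
    "Registered ServicePrincipalNames for CN=PETER,CN=Users,DC=w2kdomain,DC=example:\n"
    "\tMSSQLSvc/peter.w2kdomain.example:2433\n"
    "\tMSSQLSvc/peter.w2kdomain.example\n"
)

def parse_setspn_listing(text):
    """Return (account_dn, [spn, ...]) parsed from `setspn -L` output."""
    account, spns = None, []
    for line in text.splitlines():
        header = re.match(r"Registered ServicePrincipalNames for (.+):\s*$", line)
        if header:
            account = header.group(1)
        elif line[:1] in (" ", "\t") and line.strip():
            spns.append(line.strip())
    return account, spns

def split_mssql_spn(spn):
    """MSSQLSvc/host[:port] -> (host, port or None); None for other services."""
    m = re.fullmatch(r"MSSQLSvc/([^:/]+)(?::(.+))?", spn, re.IGNORECASE)
    return (m.group(1).lower(), m.group(2)) if m else None

def check_sql_spn(listing, fqdn, static_port):
    """Check that MSSQLSvc/<fqdn>:<static_port> is registered on the listed account."""
    account, spns = parse_setspn_listing(listing)
    found, findings = False, []
    for spn in spns:
        parts = split_mssql_spn(spn)
        if parts is None or parts[0] != fqdn.lower():
            continue  # other service class or other host
        port = parts[1]
        if port == str(static_port):
            found = True
        elif port is None:
            findings.append(f"{spn}: no port component")
        else:
            findings.append(f"{spn}: port {port} is not static port {static_port}")
    if not found:
        findings.append(f"missing MSSQLSvc/{fqdn}:{static_port}")
    return account, found, findings

if __name__ == "__main__":
    print(check_sql_spn(SAMPLE_LISTING, "peter.w2kdomain.example", 2433))
```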