Re: Should you use local machine groups?
- From: "Arnie Rowland" <arnie@xxxxxxxx>
- Date: Mon, 20 Nov 2006 09:40:57 -0800
No. Do not map domain groups to local accounts and then map those local
accounts to the SQL Server. Eventually, that mistake will cause you grief.
Grant SQL Server login permission directly to the Domain accounts, and map
them to SQL ROLES. By so doing, you will not be 'bound' to the piece of
hardware. (Think about having a server crash and having to rebuild up on a
new box. Or a parallel upgrade to a new piece of hardware. What where those
LOCAL accounts again?)
--
Arnie Rowland, Ph.D.
Westwood Consulting, Inc
Most good judgment comes from experience.
Most experience comes from bad judgment.
- Anonymous
You can't help someone get up a hill without getting a little closer to the
top yourself.
- H. Norman Schwarzkopf
"James" <James@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2C154835-14BD-47CC-ADC1-51F27B503143@xxxxxxxxxxxxxxxx
Somewhere in the dim past I remember a Microsot recommendation NOT to map
active directory domain groups directly to SQL logins but rather to map
the
domain group to a machine local group and then to put that local group to
the
SQL.
Is this a valid "best practice" or is it booogus?
Thanks
.
- Prev by Date: Re: Should you use local machine groups?
- Next by Date: how to move users from one sql2k5 to another sql2k5
- Previous by thread: Re: Should you use local machine groups?
- Next by thread: how to move users from one sql2k5 to another sql2k5
- Index(es):
Relevant Pages
|
|
