Difference between using a local system account and using a domain user account in SQL Server 2000

Source: Internet
Author: User
Tags mssqlserver

When installing SQL Server 2000, setup displays a screen that sets the logon identity used to start the SQL Server service. After SQL Server 2000 is installed, an MSSQLServer service is created, and the identity chosen on this screen is the account under which that service starts.
 
So which one should we choose, and what do the options mean? Let's take a look.

First, two concepts.

What is a credential?
A Windows credential is a user account and password. When we call APIs that involve RPC, such as WTSOpenServer, QueryServiceStatus, and NetUserEnum, they will not fail with ERROR_ACCESS_DENIED as long as the current user has stored a credential with the appropriate permissions for the target remote machine.
If that is hard to follow, consider what happens when you access another computer. RPC is required to access a remote computer.
 
When we connect to the IP address 172.16.100.1, we need to enter a user account and password. That user account and password are the credential.
 
After entering the user account and password, tick "Remember my password" and click OK. The credential (that is, this user account and password) is then stored, so you do not need to enter it again on later access.

Security Context
Security context refers to the security attributes or rules that are valid in a system.

The following describes the two logon methods for the SQL Server 2000 service: the local system account and a domain user account.

Local SYSTEM account:

This account is a predefined local account with administrator permissions on the local computer. A service running in the security context of the local system account presents the local computer's credentials to the remote server. A service running in the security context of the local system account cannot establish an authenticated session, because the local system account does not belong to the Everyone group in the domain. Therefore, services using this account can only access network resources through a null session (that is, without credentials). (This access refers to access performed automatically by the service for a task, which is different from a client connecting to the SQL Server.)

Domain user account:

Use a dedicated domain user account as the Logon account

A domain user account is a user account created in the Active Directory Service. This account is a member of the Authenticated Users Group in the domain. The Service running in the security context of the domain user account provides the Kerberos ticket of the domain user account to the remote server. The Service running in the security context of the domain user account can access resources on the remote server authorized by authenticated users or specific user accounts.

Use a local user account as the Logon account

A local user account is a Windows user account created on the local computer. A service running in the security context of a local user account presents the access token of the local user account to the remote server. If the user name and password match an account on the remote server, the service using the local user account can access resources on the remote server as the account of the same name. Although this solution works, maintaining these individual accounts and keeping their passwords synchronized increases management overhead.
If the computer has not joined a domain but needs to connect to network resources, you can use a local user account as the logon account.
In short, a domain user account can use credentials to access a remote computer and use the corresponding resources.

For example, the SQL Server service needs to access a remote computer when it performs the following operations:
• Remote procedure calls.
• Replication.
• Backing up to a network drive.
• Heterogeneous joins involving remote data sources.
• SQL Server Agent mail and SQL Mail.

In these cases, the service cannot access a remote computer and use its resources without credentials. Therefore, you must change the logon type to "domain user account" and enter an existing user name and password that are configured on the remote computer.

If SQL Server is installed only on a local machine for development or learning, there is no need to use the domain user account logon mode, because the service can sometimes fail to start after switching between different users.

Modify the logon type of the SQL Server service

The service logon type can be changed at any time. You can use either of the following methods to modify the logon type of the SQL Server service as needed.

1. Modify through Enterprise Manager

Right-click the SQL Server server --- "Properties" --- "Startup service account" under "Security"
 

2. Modify through Services

"Control Panel" --- "Services" --- "MSSQLServer", right-click --- "Properties" --- "Log On"
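
To check which of the logon identities described above a server is actually using, the following added example (not part of the original article) classifies a service's start account and reports it for the SQL Server services. The function name `Get-LogonIdentityType`, the host name `SQLHOST01`, the domain `CORP`, and the sample account names are assumptions made for illustration; `SQLSERVERAGENT` is the default-instance Agent service name and is not mentioned on this page.

```powershell
# Classify a Windows service start account into the identity types the article describes.
function Get-LogonIdentityType {
    param(
        [string]$StartName,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    if ([string]::IsNullOrWhiteSpace($StartName)) { return 'Unrecognized' }
    # Built-in identities are not user accounts and have no managed password.
    if ($StartName -match '^(\.\\)?LocalSystem$') { return 'Local system account' }
    if ($StartName -match '^NT (AUTHORITY|SERVICE)\\') { return 'Built-in service account' }
    # user@domain (UPN) form always names a domain account.
    if ($StartName -match '^[^\\@]+@[^\\@]+$') { return 'Domain user account' }
    if ($StartName -match '^(?<scope>[^\\]+)\\(?<user>[^\\]+)$') {
        # ".\user" or "<this computer>\user" is a local account; any other prefix is a domain.
        if ($Matches.scope -eq '.' -or $Matches.scope -eq $ComputerName) {
            return 'Local user account'
        }
        return 'Domain user account'
    }
    return 'Unrecognized'
}

# Constructed sample values (hypothetical host, domain and account names).
$samples = 'LocalSystem', '.\sqlsvc', 'SQLHOST01\sqlsvc', 'CORP\sqlsvc', 'sqlsvc@corp.example'
foreach ($s in $samples) {
    '{0,-22} -> {1}' -f $s, (Get-LogonIdentityType -StartName $s -ComputerName 'SQLHOST01')
}

# On a live server: report the account each SQL Server service starts under.
Get-CimInstance Win32_Service -Filter "Name='MSSQLSERVER' OR Name='SQLSERVERAGENT'" |
    Select-Object Name, State, StartName,
        @{ Name = 'IdentityType'; Expression = { Get-LogonIdentityType -StartName $_.StartName } }
```

A service reported as a local system account or a local user account will not be able to use domain credentials for the remote operations listed earlier.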
 

Some problems encountered when installing SQL Server
1. The prompt "Command line option syntax error! Type Command /? for help" appears during installation.
This can happen when the SQL Server installation files are placed in a directory with a Chinese name. Move them to a directory with an English name. No level of the directory path may contain Chinese characters.
2. The prompt "A previous program installation created pending file operations on the installation computer. You must restart the computer before running the installer" appears.
Open the Registry Editor (or enter regedit at the command line), find the PendingFileRenameOperations entry under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager, and delete it. Then run the installation again.

 
