SQL Server Managed Service account

Source: Internet
Author: User
Tags naming convention

Original address: http://www.cnblogs.com/jfzhu/p/4007472.html

Reprint please indicate the source

(a) login account used by Windows services

Windows services can access resources and objects in the operating system only if they are logged on to an account. Services generally do not change the default logon account, which may cause the service to fail. If the selected account does not have sufficient permissions, the Services snap-in for Microsoft Management Console (MMC) automatically grants the account the user right to log on to the service on the managed computer. Windows Server Services can use a domain account or three built-in local accounts as the logon account for each system service, and three built-in accounts without a password:

(1) Local System account: The Local System account is powerful, it has full access to the system

(2) Local services account (NT authority\local Service)

(3) Network Services account (NT Authority\Network Service)

Most of the services in the system use the above three built-in local accounts as login accounts.

(ii) Managed Service account

There are some issues with using domain accounts and built-in accounts in some cases, assuming that the SQL Server service is using the Local System account, other services that use the Local System account can connect to the SQL Server database, and if you are using a domain account, After the password of the domain account is changed, the login account password of these services should be changed manually in Services.msc, and if the password of the domain account used by the service is set to never expire, it will leave a system security risk, so from Windows Server 2008 R2 and Windows 7, a new feature managed the service account (managed service accounts) came into being. The password for the managed service account is generated by the system and changed every 30 days, and the login account that uses the managed service account as the Windows service does not need to set a password. The managed service account is only bound to be used on a single computer. In order to isolate different Windows services, a managed service account should be used only for one service.

(iii) Managed Service account in SQL Server 2012

SQL Server 2012 creates a managed service account for each SQL Server-related service, with the exception of SQL Server browser and Analysis service. How to install SQL Server, see the installation of step by step SQL Server 2012.

The managed service account naming conventions used by SQL Server are the following table

Service Name

Instance

Service account naming convention

Database Engine Default MSSQLServer
Agent Service Default SQLServerAgent
Reporting Server Default ReportServer
Analysis Service Default MSSQLServerOLAPService
Fulltext Service Default Mssqlfdlauncher
Database Engine InstanceName Mssql$instancename
Agent Service InstanceName Sqlagent$instancename
Reporting Server InstanceName Reportserver$instancename
Analysis Service InstanceName Msolap$instancename
Fulltext Service InstanceName Mssqlfdlauncher$instancename
Integration Service Not applicable MSDtsServer110

Check that the service account used by Database engine and SQL Server Agent in SQL Server is assigned the SA role.

Summarize:

(1) In previous systems, the Windows service could use a domain account or three built-in local accounts as a login account. The local System, NT Authority\Local service, and NT AUTHORITY\NETWORK Service are the three native accounts. When you select a Windows service login account, the account can have no permissions, and the MMC Service snap-in automatically grants the account the user right to log on to the service on the managed computer.

(2) Managed service account starts appearing from Windows 7 and Windows R2, and with this type of accounts, the system can automatically process the account password for you.

(3) SQL Server 2012 creates a managed service account for each SQL Server-related service (except SQL Server browser and Analysis service).

SQL Server Managed Service account

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.