[Go] Account setup issues in SQL SERVER R2 installation

Source: Internet
Author: User

Mitchellsays:problems with setting up accounts in SQL SERVER 2008 installation, 2013-7

When you install a SQL Server 2008 database server, the server may be in the following environments:
Servers in the ① workgroup environment (WorkGroup)
Domain controller in ② domain environment
③ member server (domain Member) in an environment
④ cluster environment (cluster)

In real-world applications, developers or implementers rarely have access to the application of a domain controller-based network environment, and most of the applications are for workgroup environments.
For example: A configured IIS server will publish many Web sites, the server itself will also host the role of the database, this is the application in the workgroup environment.

But for Microsoft platform Enterprise application development, almost all need to be applied and deployed in the domain environment.
such as Microsoft's CRM,SHAREPOINT,UC and other products of two times development,. NET platform in order to adapt to the enterprise environment and organizational architecture in the domain mode of application development, and so on, this may involve the domain controller, domain member servers or even in the "cluster" Installation of SQL Server 2008.

The above lists the possible application deployment environments for SQL Server 2008, but regardless of the environment, the issue of configuring accounts for each <sql SERVER service > configuration is met.

Why should I configure an account for every service in SQL SERVER?
This is because when a different account is configured for the SQL Server service, the SQL Server service runs with the group to which the account belongs, thereby controlling the service's access to various resources through the account.

SQL Server 2008 has built-in 3 accounts, namely:
Local Service account,
Network Service account,
Local System account

1.Local Service Account:
Local Service Accountsame level of access to resources and objects as members of the Users group
(digression: What is the Users account group, see the Windows Six User Groups feature analysis).
If the security of individual services or processes is compromised, limited access to this account helps protect the security of the system.
Services that run as Local service accountsnetwork resources will be accessed as a Null session with no credentials
Note: The Local service account is not supported by SQL Server or the SQL Server Agent service.
The actual name of the account is "NT authority\local SERVICE".

Digression: Windows credentials (credential) actually refer to user accounts and passwords.
Null session, which is a null session, see the article "Null Connection".

2.Network Service Account:
Network Service Accountmore access to resources and objects than members of the Users group.
Services running as Network service account network resources will be accessed using the credentials of the computer account .
The actual name of the account is "NT authority\network SERVICE".

3.Local System Account:
The local System LocalSystem account is a built-in account with high privileges .
It has many permissions on the local system and acts as a computer on the network.
The actual name of the account is "NT authority\system".

--------------------------------------------------------------------------------------------------------------- ------------

In practical applications,

1. If you are installing SQL Server 2008 in a workgroup environment, the accounts that are allowed to use include:
① Local user account (note not local Service account!) )、
② built-in account (Network Service account, Local System account, etc.).

2. If you are installing SQL Server 2008 on a domain environment (including member servers),
(Note: Microsoft recommends that you do not install SQL Server 2008 on a domain controller for security reasons)
Although SQL Server Setup does not prevent installation on a computer that is a domain controller, the following limitations exist:
① can be used for limited account
On a domain controller, you cannot run the SQL Server service under <local Service Local Service account > or <network Service Network Service account >. The account used at this time is typically a domain account and <local System account >.
② You cannot change this computer from a domain member to a domain controller after you install SQL Server on the computer.
Before you can change the host computer to a domain controller, you must uninstall SQL Server.
③ SQL Server Failover cluster instances are not supported in cases where the cluster nodes are used as domain controllers.
④sql Server Setup cannot create a security group on a read-only domain controller or set up a SQL Server service account. In this scenario, the installation fails.
--------------------------

In summary, by configuring different accounts for different SQL SERVER services, you can control their permissions, thereby restricting the resources that can be accessed and helping the system run safely.

[Go] Account setup issues in SQL SERVER R2 installation

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.