473,372 Members | 1,173 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,372 software developers and data experts.

Risks of single MSSQL domain account for mult servers?

Greetings:

I am trying to conceive what risks might be created by running
multiple SQL servers within a domain under a single domain account, as
opposed to 1) running under the local service account or 2) multiple
domain service accounts.

In this case, all the SQL servers are SQL2000 running on Win2003. The
service account is assigned only to the "Domain Users" group.

We do use linked server calls, and I have played and suceeded getting
Kereberos up to avoid double hop issues when using Windows Auth. In
fact, this is one of the reasons that sparked the question in my mind
-- in all the MS Kerebos SQL<->SQL examples, the SQL servers run under
a unique service account.
As an aside, most of the servers are "line of business" servers, but
HR runs under a unique server with more sensitive information. I don't
really think that merits a seperate service account, but again, I
could well be missing something.
I mostly looking for food for thought, but concrete examples of
gotchas would be appreciated.

Thanks all.

d.
Jul 20 '05 #1
2 2857
D (or should I call you d?),

One drawback of using a single service account is that a breach of security
on that account means a breach on all of your SQL Servers.

(Yes, it is easier to only have one account to manage. Also, once upon a
time (a long time ago) it made replication easier.)

Russell Fields
"D Barry" <go****@dcbarry.com> wrote in message
news:6d**************************@posting.google.c om...
Greetings:

I am trying to conceive what risks might be created by running
multiple SQL servers within a domain under a single domain account, as
opposed to 1) running under the local service account or 2) multiple
domain service accounts.

In this case, all the SQL servers are SQL2000 running on Win2003. The
service account is assigned only to the "Domain Users" group.

We do use linked server calls, and I have played and suceeded getting
Kereberos up to avoid double hop issues when using Windows Auth. In
fact, this is one of the reasons that sparked the question in my mind
-- in all the MS Kerebos SQL<->SQL examples, the SQL servers run under
a unique service account.
As an aside, most of the servers are "line of business" servers, but
HR runs under a unique server with more sensitive information. I don't
really think that merits a seperate service account, but again, I
could well be missing something.
I mostly looking for food for thought, but concrete examples of
gotchas would be appreciated.

Thanks all.

d.

Jul 20 '05 #2
Russell:

It's "d.". "D." is just too pompous... ;-)

I should have stated the breach against one is a breach of all
arugument. (We do use nice long complex passwords.) I'm looking for
other

"Russell Fields" <Ru***********@NoMailPlease.Com> wrote in message news:<ub**************@TK2MSFTNGP10.phx.gbl>...
D (or should I call you d?),

One drawback of using a single service account is that a breach of security
on that account means a breach on all of your SQL Servers.

(Yes, it is easier to only have one account to manage. Also, once upon a
time (a long time ago) it made replication easier.)

Russell Fields
"D Barry" <go****@dcbarry.com> wrote in message
news:6d**************************@posting.google.c om...
Greetings:

I am trying to conceive what risks might be created by running
multiple SQL servers within a domain under a single domain account, as
opposed to 1) running under the local service account or 2) multiple
domain service accounts.
<snip>
Thanks all.

d.

Jul 20 '05 #3

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
by: M A Srinivas | last post by:
Hello, I need to move 6 SQL Servers from existing domain to a new domain. Currently all SQL Server servies are started using the domain account of old domain. What precautions and steps are...
1
by: DB2 | last post by:
Hello, everyone. Does anyone know what potential security issues when running DB2 services (start-up) using local system account instead of the DB2 admin account? DB2 environments: Windows...
1
by: SL | last post by:
How do I set up access to a file on a Windows Server 2003 Domain Controller that also has IIS? The file sits on another server. The Domain Controller / IIS server connects to this file through a...
3
by: Nick | last post by:
hi, all I just started to create my own website and I registered a new domain from yahoo, and then I want to register a webhost plan. And how to use this domain I registered? What I undertood...
10
by: Sridhar | last post by:
HI, I am having problems setting up a website so that it will be available only inside the domain. We have three servers. One is iis server and second one is internal server and the third one is...
0
by: Derftics | last post by:
Hi Guys, Is there anyone who have tried installing MSSQL 2000 and MSSQL 2005 servers in one desktop computer? I have tried using MSDE and successfully install the MSSQL 2000 server but when I...
1
by: Kazmataz | last post by:
Hi, I have set my .net application to impersonate and is installed on a Web Farm of 4 servers. In this application I allow users to upload files to the server. I have it setup so that no matter...
0
by: Philip Nelson | last post by:
I'm a UNIX person who is having difficulty understanding Windows security. I've got to install a DB2 server (initially Express-C) in a Windows domain environment. I fire up the installer and...
9
by: Phillip B Oldham | last post by:
Are there any FOSS Python Single-Sign-on Servers? We're looking to centralise the sign-on for our numerous "internal" webapps (across multiple servers, languages, and domains) to speed user...
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
0
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
0
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
1
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
0
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.