Using the Local Service Account to run SQL Server 2005  
Author Message
denisej77





PostPosted: Wed May 17 00:10:39 CDT 2006 Top

SQL Server >> Using the Local Service Account to run SQL Server 2005

Are there any issues running the Database Service and the SQL Agent Service
with the "Local Service" account? These servers are standalone; they don't
connect to any other server or use any network resources (other then clients
connecting to the SQL instance).

The only reason Iâ??m question this is that the install of SQL 2005 doesnâ??t
allow me to set the service to use â??Local Serviceâ??, but once SQL is
installed. The SQL 2005 Configuration Manager allows me to chance the service
to â??Local Serviceâ??. Everything seems to run fine and itâ??s more secure.

I don't see any issue; I'd just like a second opinion.

From SQL 2005 BOL...

Using the Local Service Account
The Local Service account is a special, built-in account that is similar to
an authenticated user account. The Local Service account has the same level
of access to resources and objects as members of the Users group. This
limited access helps safeguard your system if individual services or
processes are compromised. Services that run as the Local Service account
access network resources as a null session with no credentials.


--
Kurt

SQL Server177  
 
 
weilu





PostPosted: Wed May 17 00:10:39 CDT 2006 Top

SQL Server >> Using the Local Service Account to run SQL Server 2005 Hi zork,

Thank you for your post.

Thank you for taking the time to provide feedback on this product.

We are very interested in your thoughts and opinions for improvements that
we can make to provide the features and functionality you and your
customers would like to see.

To provide your feedback directly to the product groups:

http://lab.msdn.microsoft.com/productfeedback/default.aspx

Have a nice day.

Sincerely,

Wei Lu
Microsoft Online Community Support

==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 
 
zork





PostPosted: Thu May 18 09:58:02 CDT 2006 Top

SQL Server >> Using the Local Service Account to run SQL Server 2005 Hi Wei Lu,

Your responce didn't answer my question. Please re-read my question.

What is any issues are there when running the database and SQL Agent service
under "Local Server" account ?
--
Kurt




> Hi zork,
>
> Thank you for your post.
>
> Thank you for taking the time to provide feedback on this product.
>
> We are very interested in your thoughts and opinions for improvements that
> we can make to provide the features and functionality you and your
> customers would like to see.
>
> To provide your feedback directly to the product groups:
>
> http://lab.msdn.microsoft.com/productfeedback/default.aspx
>
> Have a nice day.
>
> Sincerely,
>
> Wei Lu
> Microsoft Online Community Support
>
> ==================================================
>
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
>
> ==================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
 
 
weilu





PostPosted: Fri May 19 02:23:44 CDT 2006 Top

SQL Server >> Using the Local Service Account to run SQL Server 2005 Hi zork,

Thank you for the post.

Local System is a highly privileged account on the machine and could be
used to compromise security.

We recommend you use the domain user as the SQL server and Agent Services
start up account.

Here is an article for your reference.

http://blogs.msdn.com/sanchan/archive/2006/05/03/589575.aspx

Also, you could check the following Books online article
Setting Up Windows Service Accounts
http://msdn2.microsoft.com/en-US/library/ms143504.aspx

Hope this will be helpful.

Sincerely,

Wei Lu
Microsoft Online Community Support

==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

 
 
zork





PostPosted: Fri May 19 08:11:02 CDT 2006 Top

SQL Server >> Using the Local Service Account to run SQL Server 2005 Hi,

Again I ask that you please re-read my original question.

Iâ??m asking about the â??LOCAL SERVICEâ?? account NOT the â??LOCAL SYSTEMâ??
account. I understand all the issues why not to use â??Local Systemâ??. I want
to understand what issues if any, may occur if I install SQL Server 2005 and
SQL Agent to run as â??LOCAL SERVICEâ??.

--
Kurt


 
 
Sue





PostPosted: Fri May 19 16:53:43 CDT 2006 Top

SQL Server >> Using the Local Service Account to run SQL Server 2005 In your case with no network involved, not much difference
really. The main difference between the two is that the
Local Service account will access network resources via a
null session connection and Network Service account will
access network resources under the actual machine account
name. The following article describes the differences
between the all of the different system accounts:
http://www.microsoft.com/technet/security/topics/serversecurity/serviceaccount/sspgch02.mspx

-Sue

On Fri, 19 May 2006 06:11:02 -0700,


>Hi,
>
>Again I ask that you please re-read my original question.
>
>I?m asking about the ?LOCAL SERVICE? account NOT the ?LOCAL SYSTEM?
>account. I understand all the issues why not to use ?Local System?. I want
>to understand what issues if any, may occur if I install SQL Server 2005 and
>SQL Agent to run as ?LOCAL SERVICE?.

 
 
weilu





PostPosted: Mon May 22 01:01:58 CDT 2006 Top

SQL Server >> Using the Local Service Account to run SQL Server 2005 Hi Zork,

Thank you for the update.

Sorry for misunderstood your concern. As Sue mentioned, the Local Service
account will access network resources via a
null session connection. On the local machine, it works as a normal User
account and is under the User Group. It is a regular, low-privileged,
password-less user account on the machine.

Sincerely,

Wei Lu
Microsoft Online Community Support

==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.