
 SQL Server Service id


CanadaDBA

583 Posts

Posted - 2007-03-30 : 11:09:53
Env: SQL2K and SQL2k5 on Win2k3

Is it a good idea to have ONE domain user id for SQL Server service for ALL production servers?

Or is it suggested to have a domain user id for each server separately?


Canada DBA

snSQL
Master Smack Fu Yak Hacker

1837 Posts

Posted - 2007-03-30 : 12:55:45
Depends on how much you have the servers interact with each other. If you have lots of cases where multiple servers are used in heterogeneous queries, remote stored procs, linked servers etc. then using a single account for all of them will make management of permissions much simpler.

See
http://msdn2.microsoft.com/en-us/library/ms143504.aspx

CanadaDBA

583 Posts

Posted - 2007-04-02 : 11:24:10
I found this on SQL-Server-Performance.com:

In any case having 1 (single) domain account for 150+ and odd SQL Server instances is a 'bad practice' in terms of security aspect. Using a mass attack if the attacker gains the password for that domain account the risk is very high in losing all the SQL Server instance in 1 shot which could lead to a great business loss. So at this juncture it is better to differentiate the usage of those 150+ SQL instances to the business and set an individual account for every SQL instance that has primary business functionality. If the other SQL instances that are used internally for any Intranet based application then you might consider to use 1 domain account for those few instances for manageability.

Ref: http://www.sql-server-performance.com/faq/sqlviewfaq.aspx?faqid=188


Canada DBA

Michael Valentine Jones
Yak DBA Kernel (pronounced Colonel)

7020 Posts

Posted - 2007-04-02 : 12:26:26
If you use one account for all servers, it will make it almost impossible to change the password without a major disruption of service.

I recommend that you have one account per server. If the servers need access to each other or to network shares, add the accounts to network groups, and grant the access to that group.




CODO ERGO SUM
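
An added example, not part of the original thread: one way to check an estate against the one-account-per-server advice above is to list the logon account of every SQL Server engine and Agent service and report any domain account that appears on more than one host. The server names are placeholders, and the script assumes the hosts are reachable over CIM/WinRM by an account allowed to query services.

```powershell
# Added example: report SQL Server service accounts that are shared across hosts.
# $Servers holds placeholder names; pass your own inventory instead.
param(
    [string[]]$Servers = @('SQLPROD01', 'SQLPROD02', 'SQLPROD03')
)

# Built-in and virtual identities are local to each machine, so exclude them.
$builtin = '^(LocalSystem|NT AUTHORITY\\|NT SERVICE\\)'

# Engine: MSSQLSERVER (default) or MSSQL$<instance>.
# Agent:  SQLSERVERAGENT (default) or SQLAgent$<instance>.
$filter = "Name = 'MSSQLSERVER' OR Name LIKE 'MSSQL`$%' " +
          "OR Name = 'SQLSERVERAGENT' OR Name LIKE 'SQLAgent`$%'"

$services = foreach ($server in $Servers) {
    try {
        Get-CimInstance -ComputerName $server -ClassName Win32_Service `
            -Filter $filter -ErrorAction Stop |
            Select-Object @{ n = 'Server'; e = { $server } }, Name, StartName
    }
    catch {
        # An unreachable host is a gap in the audit, so surface it rather than skip silently.
        Write-Warning "Could not query ${server}: $($_.Exception.Message)"
    }
}

# Group by logon account and keep only accounts seen on two or more distinct hosts.
$shared = $services |
    Where-Object { $_.StartName -and $_.StartName -notmatch $builtin } |
    Group-Object StartName |
    Where-Object { @($_.Group.Server | Sort-Object -Unique).Count -gt 1 }

foreach ($g in $shared) {
    [pscustomobject]@{
        Account  = $g.Name
        Servers  = ($g.Group.Server | Sort-Object -Unique) -join ', '
        Services = ($g.Group | ForEach-Object { "$($_.Server)\$($_.Name)" }) -join ', '
    }
}
```

Each row of output is an account whose password change or compromise would affect every listed server at once.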