[ACCEPTED]-What user account would you recommend running the SQL Server Express 2008 services in a development environment?-account

Accepted answer
Score: 36

Local System is not recommended, it is an administrator 31 equivalent account and thus can lead to 30 questionable coding that takes advantage 29 of administrator privileges which would 28 not be allowed in a production system since 27 security conscious Admins/DBA's really don't 26 like to run services as admin.

Depending 25 on if the server instance will need to access 24 other domain resources or not should determine 23 which type of low privilege account it should 22 run under.

If it does not need to access 21 any (non-anonymous) domain resources than 20 I normally create a unique local, low privilege 19 account for it to run under in order to 18 gain the additional security benefit of 17 not having multiple services running in 16 the same identity context. Be aware that the Local Service account is not supported for the SQL Server or SQL Server Agent services.

If it does 15 need to access non-anonymous domain resources 14 then you have three options:

  1. Run as Network Service which is also a low privilege account but one that retains the computers network credentials.
  2. Run under a Local Service Account
  3. Run under a custom domain account with low local privileges. One advantage to running under the developers account is that it is easier to attach debuggers to processes in your own identity without compromising security so debugging is easier (since non-Admin accounts do not have the privilege to attach a debugger to another identities process by default). A disadvantage to using another domain account is the overhead of managing those accounts, especially since each service for each developer should ideally have unique credentials so you do not have any leaks if a developer were to leave.

Most of what 13 I tend to do does not require the service 12 to access domain resources so I tend to 11 use unique local low privilege accounts 10 that I manage. I also run exclusively as 9 a non-admin user (and have done so under 8 XP SP2, Server 2003, Vista and Server 2008 7 with no major problems) so when I have cases 6 where I need the service to access domain 5 resources then I have no worries about using 4 my own domain credentials (plus that way 3 I don't have to worry the network admins 2 about creating/maintaining a bunch of non-production 1 domain identities).

Score: 15

It depends.

  • Local System - Never, it's too high a privilege.
  • Network Service - Perhaps, if you need to connect to network resources, but that's doubtful.
  • Local Service - Probably the best choice, limited privileges, do not unlock network connections
  • Local interactive user? Does it truly need to have login rights, or act as a user?
  • Domain user? Goodness no, not unless you're accessing network drives from within it; if SQL runs amok then an attacker is authenticated against the domain.


Score: 4

MS now has a good article on this: http://msdn.microsoft.com/en-us/library/ms143504(v=sql.105).aspx

They 7 state that Local Service is not allowed 6 for SQL Server Engine. Personally, I use 5 Local System just to avoid issues during 4 development, but in production, best practice 3 is to create a domain level service account 2 with just the permissions it needs to get 1 the job done.

More Related questions