SQL Server Performance

Application Authenticates As App Server Machine Name

Discussion in 'SQL Server 2008 General DBA Questions' started by ptimmerm, Nov 30, 2009.

  1. ptimmerm New Member

    I have an app which I ideally want to authenticate as a pre configured domain service account. We have been advised by the vendor that this is not possible with their app. The best I can do is to get it to run as the machine name for the application server DomainNameAppServerName$
    My only other option is to use SQL Authentication.
    Are there any downsides to using the machine account? It is a domain account. I have simply never had an app run in this manner so it seems a bit counter intuitive to me.
    Thoughts?
    Comments?
  2. satya Moderator

    No issues in terms of using SQL authentication, as the Microsoft’s best practice recommendation is that you use Windows authentication mode whenever possible. The main benefit is that the use of this mode allows you to centralize account administration for your entire enterprise in a single place: Active Directory. This dramatically reduces the chances of error or oversight.
    If you use Windows authentication mode, revoking that user’s access takes place automatically when you disable or remove the DBA’s Active Directory account. If you use mixed authentication mode, you not only need to disable the DBA’s Windows account, but you also need to comb through the local user listings on each database server to ensure that no local accounts exist where the DBA may know the password.
  3. ptimmerm New Member

    Understood. But are there any issues with using the Local Machine account?
  4. satya Moderator

    If the application activities on database doesn't go beyond the local machine (not to other machine on the domain) then no issues.
    It is your application and if you think no application access or action are managed on network/domain then I don't see any issue

Share This Page