Service Accounts – Conflict on MS Site | SQL Server Performance Forums

SQL Server Performance Forum – Threads Archive

Service Accounts – Conflict on MS Site

So, In Windows 2000 does the local system account have network access or not ?
quote:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/instsql/in_overview_6k1f.asp
Using the Local System Account
The local system account does not require a password, does not have network access rights in Windows NT 4.0 and Windows 2000, and restricts your SQL Server installation from interacting with other servers.
quote:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/instsql/in_runsetup_9ann.asp
Use the Local System account
The local system account does not require a password, does not have network access rights in Windows NT 4.0, and may restrict your SQL Server installation from interacting with other servers. Note In Windows 2000, the local system account does allow network access.

Hi there, I always thought that local system account meant that SQL could not get to any resources outside of the machine it is on. This would still be the case for any file access, since even if local system has network access, it does not have a SID to grant it access to resources on other machines… I guess the easiest thing is to try it. Put a SQL instance under control of the local system account and see if you can access remote SQL servers, do backups/restores to network drives, use xp_cmdshell to access network resources, etc. I would have expected not, unfortunately I don’t have an instance here that I can test this on Cheers
Twan
If any of the jobs are involved in the network accessibility then ensure to start the SQL services with a domain account in order to privilege the job to complete. If you use the local system account then all these jobs will fail as there is no network accessibility for the local system account defined in the SQL server. Satya SKJ
Moderator
http://www.SQL-Server-Performance.Com/forum
This posting is provided “AS IS” with no rights for the sake of knowledge sharing.
Yes Twan, what you think is right. Seconding to what Satya has suggested: Local Syatem account does not havr any network privilages at all. Gaurav
Moderator
Man thrives, oddly enough, only in the presence of a challenging environment- L. Ron Hubbard

The views expressed here are those of the author and no one else. There are no warranties as to the reliability or accuracy of anything presented here.
Would running MSSQL as LocalSystem be the same as running it as .Administrator ? .Administrator has network access correct ?
LocalSystem is not the same as .Administrator. .Administrator or any .SomeAccount is a user account local to the server. Generally you can not assign network access to such accounts but you can get around it if you create an identical local account on another server that has the exact same name and password. When working with network access use domain accounts as mentioned in previous posts to avoid issues with changing passwords on multiple locations etc.
Its a good practice to change passwords for a service accounts, but ensure the same is effected immeidately on the SQL server services. Otherwise the next moment service will not be started due to the issue. Satya SKJ
Moderator
http://www.SQL-Server-Performance.Com/forum
This posting is provided “AS IS” with no rights for the sake of knowledge sharing.
]]>