Sunday, November 8, 2009
In SQL Server, as per the components we select, different services gets installed like SQL SERVER Database engine, Analysis Service, Integration Services, Reporting Services and SQL Server Agent Services. But each service have its own specific tasks to do which requires different privilege and permissions. If we are configuring all the services startup account with a single user, this user will have to have a sum of all the permission required by all the services, which is very against security policy recommended by Microsoft. For eg. DB Engine needs permission to the folder where the data and log files are kept why because it has to write the data into these files. Whereas SQL Server Agent does not need this permission. So, if we are using same user for both the services, if the SQL Server Agent service got hacked or compromised , even the database engine is at risk. This is the very basic reason why we need different windows user for each service.