The Multifunctioning DBA

Feb 24 2010   10:30AM GMT

Service Accounts with sysadmin role

Colin Smith Colin Smith Profile: Colin Smith

I have been finding so many servers that I have now that have application service accounts in the local administrators group. I HATE this. Why why why, do we not determine what the application needs and just give them that. I am only ranting about this because in SQL Server 2005 the local admin group, by default, is sysadmin role on the sql server. In 2008 MS took that out, but most of the 2008 instances I am coming up on still have had it put in. Not a good idea. Why would I ever want to give some generic applications service account the keys to my SQL Server kingdom. I do not even want most real people that I can talk to to have sysadmin role in my servers. I am responsible for that server and all the data in it, I do not know what the random application might do, all I know for sure is that it has the option to do anything, ANYTHING, that it wants. Watch out for it and when you see it, do whatever you can to gte rid of it.


That is all for now.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: