The 2005 Best Practices Analyzer (July 2007) contradicts Books Online about what account to run SQLSERVERAGENT under.
BPA says use Network Service Account, BOL explicitly says not to use Network Service Account:
BPA gives a warning saying "SQL Server Service [MY-PC\SQLSERVERAGENT] In Unrecommended Account On Host [MY-PC]. We recommend that the service [SQLSERVERAGENT] on host [MY-PC] be run under Network Service Account. Currently it is designated to run under the account [SOMEDOMAIN\someaccount]."
BooksOnline says "Security Note: Because multiple services can use the Network Service account, it is difficult to control which services have access to network resources, including SQL Server databases. We do not recommend using the Network Service account for the SQL Server Agent service."
So who's right ? BPA or BOL ?
Books online is correct - a non-system account provides more control over access, security.
Just curious...which version of BPA are you running?
-Sue
sql
No comments:
Post a Comment