x

SQL 2005 - Full Text Search - locking down a system

Is this still a valid point: Microsoft has made it quite clear that the only way the Full Text Search service is supported is if it is running under LocalSystem. This came from an article cncerning security and logins in the SSC forums.

I am locking down a SQL 2005 (Entterprise Edition) system on WIndows 2008 Enterprise server (latest service pack) per goverment DOD standards. A particular STIG requires all SQL sewrvices ruun under a dedicated account (none can run under Local System). I have created 4 accounts for the sql services (still need to assign user rights) but wanted to know if the above statement is true. If so, then I can leave under local system and document the above as a refernece.

Thanks for any help or info on this.

Carl McGhee

more ▼

asked Jan 10, 2010 at 01:30 PM in Default

Carl gravatar image

Carl
11 1 1 1

(comments are locked)
10|1200 characters needed characters left

1 answer: sort voted first

To the contrary, Microsoft strongly recommends AGAINST using LocalSystem http://msdn.microsoft.com/en-us/library/ms345189(SQL.90).aspx

I am sucessfully using low privilege domain accounts for this.

more ▼

answered Jan 11, 2010 at 07:25 AM

Steinar gravatar image

Steinar
1.7k 3 4 6

+1 from me. I really like it when people back things up with a credible reference.
Jan 11, 2010 at 09:43 AM David Wimbush
(comments are locked)
10|1200 characters needed characters left
Your answer
toggle preview:

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

New code box

There's a new way to format code on the site - the red speech bubble logo will automatically format T-SQL for you. The original code box is still there for XML, etc. More details here.

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

SQL Server Central

Need long-form SQL discussion? SQLserverCentral.com is the place.

Topics:

x1944
x46

asked: Jan 10, 2010 at 01:30 PM

Seen: 948 times

Last Updated: Jan 11, 2010 at 04:20 AM