question

Carl avatar image
Carl asked

SQL 2005 - Full Text Search - locking down a system

Is this still a valid point: Microsoft has made it quite clear that the only way the Full Text Search service is supported is if it is running under LocalSystem. This came from an article cncerning security and logins in the SSC forums.

I am locking down a SQL 2005 (Entterprise Edition) system on WIndows 2008 Enterprise server (latest service pack) per goverment DOD standards. A particular STIG requires all SQL sewrvices ruun under a dedicated account (none can run under Local System). I have created 4 accounts for the sql services (still need to assign user rights) but wanted to know if the above statement is true. If so, then I can leave under local system and document the above as a refernece.

Thanks for any help or info on this.

Carl McGhee

sql-server-2005full-text
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
Steinar avatar image
Steinar answered

To the contrary, Microsoft strongly recommends AGAINST using LocalSystem http://msdn.microsoft.com/en-us/library/ms345189(SQL.90).aspx

I am sucessfully using low privilege domain accounts for this.

1 comment
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

David Wimbush avatar image David Wimbush commented ·
+1 from me. I really like it when people back things up with a credible reference.
0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.