Monday, March 19, 2012

Changing SQL and Agent Service account?

Are there any best practices recommending changing the SQL Server/Agent
domain service account password? I assume you do not want to leave these
the same forever after install, and I have a service pwd change utility
without restarting SQL server, but not seeing a lot of talk about changing
these account(s). Should they not change just like any other priveledged
user?"Brian" <bpollard@.idahodba.org> wrote in message
news:OCqXZ8KdEHA.3016@.tk2msftngp13.phx.gbl...
> Are there any best practices recommending changing the SQL Server/Agent
> domain service account password? I assume you do not want to leave these
> the same forever after install, and I have a service pwd change utility
> without restarting SQL server, but not seeing a lot of talk about changing
> these account(s). Should they not change just like any other priveledged
> user?
>
If you change these accounts it is probably easiest to do so through
Enterprise Manager. If you have not read the following paper, I recommend
it:
http://www.microsoft.com/technet/pr...n/sp3sec02.mspx
while it does not make any firm recommendation on account/password changes,
this really should default (IMO) to whatever policy is in place in the
domain. More importantly, follow the recommendation of using a "service"
account that is not local system and is not an administrator on the server.
Steve|||I guess this all depends upon your Security Policy that you have in place.
The service accounts should be running under a low privilege domain acount
and should be changed
based upon the password expiration you've set for other domain accounts.
So, yes I believe they should be changed.
Typically, you modify the account within SEM, but here's an article on how
to do it outside of SEM.
283811 How to change the SQL Server or SQL Server Agent Service account
without
http://support.microsoft.com/?id=283811
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.

No comments:

Post a Comment