Key Aspects of Security to Keep in Mind while Managing Service Accounts in SQL Server

In an increasingly competitive environment, the threat to your data does not necessarily come from the outside world. In fact it can come from within your organization, say an employee who gains access to sensitive data beyond his mandate and then uses it for ulterior motives. Given the scenario one cannot be more cautious while working with a database application. Now if you are running a SQL Server instance then you would be aware of the fact that it runs a set of Windows services that can be assigned to a service account which then can be typically managed with the help of the Configuration Manager.

Setting the privileges associated with a service account can be tricky so it is always ideal to work on a thumb rule of minimum privileges. In other words the service account should have only those rights that are needed to run its mandated functions and nothing else. This would reduce both inadvertent and intentional attempts to access data by non authorized users. Let’s look at some other aspects that you need to keep in mind while managing service accounts.



Key Security Guidelines for Service Account Management

To start with it is always advisable to avoid the use of shared service accounts as far as possible. Next you should always make it a point to only use the Configuration Manager for editing service accounts and also keep modifying the password for the accounts in a periodic fashion. While this may inconvenience some users, it would serve a critical security need. The rationale behind using the configuration manager lies in the fact that it assigns the modified or freshly created account in the correct Windows group which would thereby lead to appropriate privileges being assigned to it. Another corollary benefit stems from the fact that it automatically again encrypts the service master key.

At any point of time when you get a request for a user for a separate Windows login rights for a running a specific job, do not just create a more endowed account. Instead try creating a proxy account, with specific rights, which should be able to complete the requested task at hand and nothing else.


Dealing with Unexpected situations while working on the SQL Server Database

The SQL Server database is recognized as a robust application which can be used to assuredly to run enterprise grade applications with ease. However it too can land you in some unexpected situations typically when a logical error is detected. In some rare cases the SQL application can crash and your entire data may be technically at risk. Thus a lot of administrators are looking at sql recovery tools like the potent DataNumen SQL Recovery to handle such situations. It incidentally is capable of dealing with issues related to sparse columns and can negotiate torn pages too. The tool is also ideal for digging out data from a SQL file lying on a disk image file


Author Introduction:

Alan Chen is President & Chairman of DataNumen, Inc., which is the world leader in data recovery technologies, including access recovery and sql recovery software products. For more information visit

Comments are closed.