We are going to change our administrator password... I have several
instances of SQL that are using this account. I know I will need to restart
SQL for the new settings to take effect.
However, this is the same account that people use to log into the console. I
made the suggestion that at the same time we change the password, we also
create another account for SQL to use. The idea was shot down because it's
looked at as too drastic. That while changing the password the current
account is using will potentially cause it's own set of problems, changing
the account that SQL uses altogether would cause even more problems. My take
is that as long as this new account has the same permissions as the old
account, theres no greater risk? Is that correct? Is it a greater risk
provided the permissions are same for the new acount as the old?
TIA, ChrisRFrom your post its looks like changing the login account or keeping the
system admin account potentially causes problem in some way or the other. In
such you need to take step-by-step approach.
--> Identify the group of users, applications. Categorize them.
--> Identify the type of permissions that needs to be assigned to each user
--> Add a role and assign that role to the group of users.
--> Now move onto the other group of users
During each of these process, discuss/inform your users about this change.
The idea is to go through these steps for each user group, till all of them
are removed from system admin account. Ideally no user should use sa account
for security reasons.
- - - - - - - - -
Thanks
Yogish
"ChrisR" wrote:
> We are going to change our administrator password... I have several
> instances of SQL that are using this account. I know I will need to restar
t
> SQL for the new settings to take effect.
> However, this is the same account that people use to log into the console.
I
> made the suggestion that at the same time we change the password, we also
> create another account for SQL to use. The idea was shot down because it's
> looked at as too drastic. That while changing the password the current
> account is using will potentially cause it's own set of problems, changing
> the account that SQL uses altogether would cause even more problems. My ta
ke
> is that as long as this new account has the same permissions as the old
> account, theres no greater risk? Is that correct? Is it a greater risk
> provided the permissions are same for the new acount as the old?
> TIA, ChrisR
>
>|||Oops, I didn't realize that you meant changing sql service account. Please
ignore my previous post.
I thought you wanted users to stay away from sa account.
--
- - - - - - - - -
Thanks
Yogish
"ChrisR" wrote:
> We are going to change our administrator password... I have several
> instances of SQL that are using this account. I know I will need to restar
t
> SQL for the new settings to take effect.
> However, this is the same account that people use to log into the console.
I
> made the suggestion that at the same time we change the password, we also
> create another account for SQL to use. The idea was shot down because it's
> looked at as too drastic. That while changing the password the current
> account is using will potentially cause it's own set of problems, changing
> the account that SQL uses altogether would cause even more problems. My ta
ke
> is that as long as this new account has the same permissions as the old
> account, theres no greater risk? Is that correct? Is it a greater risk
> provided the permissions are same for the new acount as the old?
> TIA, ChrisR
>
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment