none
Network backup

    Question

  • Hi All~ I would like to backup database to a network resources.

    My sql start with a local service accout. I would like to keep this setting when doing network database backup. is it possible ? I find a MSDN talking about computer account access to network resources.

    "You can connect with the network service account by using the computer account instead of a domain user. To enable backups from specific computers to a shared drive, grant access to the computer accounts. As long as the Sqlservr.exe process that is writing the backup has access, it is irrelevant whether the user sending the BACKUP command has access."

    Monday, January 13, 2014 2:30 AM

Answers

  • Hi,

    As the description in MSDN article, only services that run as the Network Service account can access network resources using the credentials of the computer account. The services which run under Local Service account access network resources as a null session with no credentials.

    Base on my test, the backup failed if I granted the computer name read write permission on the network location and used Local service account.

    It completed successfully if I changed to Network service account. However, Microsoft recommends that you do not use the Network Service account for the SQL Server or the SQL Server Agent services. Local User or Domain User accounts are more appropriate for these SQL Server services.

    Setting Up Windows Service Accounts

    http://technet.microsoft.com/en-us/library/ms143504(v=sql.90).aspx

    Thanks.


    Tracy Cai
    TechNet Community Support

    Tuesday, January 14, 2014 7:12 AM

All replies

  • Hello,

    Yes it is possible but very bad security practice. Giving access through the computer objects essentially let's anyone on that machine access those files and shares.

    If you wanted to go through with this you'd need to grant the computer object (ad_computer_name_object$) a minimum of read and write on that network location.


    Sean Gallardy | Blog | Twitter

    • Proposed as answer by Shanky_621 Monday, January 13, 2014 6:02 AM
    Monday, January 13, 2014 3:50 AM
  • I have try once, it's not good in performance.. ~ you guys know the performance ?? It's better or worse ?

    Monday, January 13, 2014 7:21 AM
  • you guys know the performance


    You will backup the file over network, so performance of the backup direcly depends on the network perfomance; of course it's much slower then a local backup.

    Olaf Helper

    [ Blog] [ Xing] [ MVP]

    Monday, January 13, 2014 7:30 AM
  • Hi,

    As the description in MSDN article, only services that run as the Network Service account can access network resources using the credentials of the computer account. The services which run under Local Service account access network resources as a null session with no credentials.

    Base on my test, the backup failed if I granted the computer name read write permission on the network location and used Local service account.

    It completed successfully if I changed to Network service account. However, Microsoft recommends that you do not use the Network Service account for the SQL Server or the SQL Server Agent services. Local User or Domain User accounts are more appropriate for these SQL Server services.

    Setting Up Windows Service Accounts

    http://technet.microsoft.com/en-us/library/ms143504(v=sql.90).aspx

    Thanks.


    Tracy Cai
    TechNet Community Support

    Tuesday, January 14, 2014 7:12 AM