Service Account Tips RRS feed

  • Question

  • I need information on the service account used to run SQL Server. I have read somewhere that it should always be a user that has limited rights to the network to be able to access the ADS, is that true? How can it affect the SQL Server if i use a Domain Account instead of a Local Administrator account.

    Second, i'd like to know how to perfectly secure my SQL CLR code. I HAVE to install an assembly in EXTERNAL ACCESS mode and i wish to know if the service account must have full permissions on the drive to work. My target would be to PREVENT the service account from writting and reading anywhere on the machine and instead be limited to only a specific location!!!

    If that is not possible then i'll force the user to submit only a filename and limit the user to a specific directory from inside my code but i'd like to prevent that cause a function should not limit it's usage and should do what it is supposed to do... read a file, write a file. But if it's my only option then i'll limit it from inside the function.

    So in resumé:

    1) What are the folders the MSSQLSERVER service account needs to access in a minimal way (minimum permissions and folders)
    2) How would you go securing access to a specific folder when using SQL CLR functions to read and write to files on the filesystem


    Groupe-CDGI Developper
    Wednesday, December 31, 2008 3:18 PM

All replies