Thursday, November 15, 2012

The default service accounts in SQL Server 2012 (NT Service\MSSQLServer, NT Service\SQLSERVERAGENT)





The default service accounts in SQL Server 2012 (NT Service\MSSQLServer, NT Service\SQLSERVERAGENT)
Few days back I realised that Microsoft had added few service account to Windows 7 and Windows Server R2 to support SQL server 2012. When SQL server 2012 is installed the accounts (NT Service\MSSQLServer, NT Service\SQLSERVERAGENT)  are created under the cover to as the default SQL service accounts  for the SQL Server service and SQL server agent service respectively.
These accounts are called virtual account for windows. Unlike the traditional windows accounts they can’t be used to log into any environment as they work  below the authentication layer of windows and does not have a password.
Virtual accounts in Windows Server 2008 R2 are managed local accounts that provide simplified service management. The virtual account is auto-managed and has limited access to the network in a domain environment. However Virtual accounts cannot be used in certain scenarios, particularly for failover cluster instances due to limitations on the Virtual account.

You can find further details on the possible limitation when assigning MSA(Managed Service Account) and virtual accounts for SQL SERVER Service in the security note on the following
link http://msdn.microsoft.com/en-us/library/ms143504%28SQL.110%29.aspx

No comments:

Post a Comment