Eric Swanson on Technology Services

Windows Service Accounts: Finally Avoid the Maintenance Nightmare!

03 June 2010 | Eric Swanson | Development, Microsoft, Operating Systems, Virtualization | Tags: IIS, Infrastructure Management, Microsoft, Security, SharePoint, SharePoint 2010, SQL Server, SQL Server 2008, SQL Server 2008 R2, User Accounts, windows, Windows 2008 R2, windows 7, Windows Server, Windows Server 2008, Windows Server 2008 R2

You either love or hate “Local Service”, “Network Service”, and “Local System”. Have you ever avoided setting up individual Service Accounts for SQL Server, IIS, SharePoint, or other enterprise applications and simply defaulted these built-in accounts? Perhaps you didn’t know that it’s “best practice” to use domain accounts for these services. Or, perhaps you knew and wanted to avoid the maintenance overhead of updating passwords constantly per company policy.

In my experience, what you use will vary based on the hat you like to wear most:

IT Pro – Knows they should setup separate service accounts, but wants to avoid maintenance. So, they use the built-in accounts unless someone complains enough. Some may have even gotten smart about it and written scripts to automate account password updates every month.
Developer – Ignore the opportunity to setup separate accounts, find the install process complicated or burdensome so they skip this step, or they don’t know better, so they setup the service to use one of the built-in accounts
Security – Wants to use separate service accounts as a policy, but can’t seem to keep the IT Pro or Developer compliant!

In addition to this basic problem, separate environments for development, testing, staging, and production sometimes require different account credentials! All of this has been exacerbated in recent years by investments in clustering and virtualization. More servers with more services and more accounts to maintain…

In response to this problem, Microsoft released new features in Windows Server 2008 R2 and Windows 7 called Managed Service Accounts and Virtual Accounts.

Finally! Improve service isolation, increase account security, eliminate administration and support growth of your infrastructure! Read “What’s New in Service Accounts in Windows Server 2008 and Windows 7”.

2 Responses to “Windows Service Accounts: Finally Avoid the Maintenance Nightmare!”

1 Brandon Says:
June 9th, 2010 at: 8:50 am
Couldn’t agree more - those lazy developers!! I’m a developer and I do know better but still almost always go with the default accounts at first anyways. Not sure why though - the setup time is when it’s easier to set up security and accounts properly compared to trying to change them once the server is running in production.
2 Eric Swanson Says:
June 9th, 2010 at: 9:18 am
Yup. Hey, I never commented on your summary of the Scott Guthrie event (because I was there), but great work.

Windows Service Accounts: Finally Avoid the Maintenance Nightmare!

2 Responses to “Windows Service Accounts: Finally Avoid the Maintenance Nightmare!”

Leave a Reply

Quote

RSS

The Official Microsoft Blog » Weekend Reading: May 24th Edition – The world meets Xbox One, and Windows Azure heads to Asia

The Official Microsoft Blog » Xbox One, Azure and the creative power of the cloud

Forrester Blogs » The Data Digest: The Multitasking Behaviors Of US Online Youth

Forrester Blogs » Citrix Takes Big Leaps Forward with Digital Workspace Delivery

News@Cisco: Press Releases and Features » Goldman Sachs and Cisco to Host Conference Call on Cisco's Cloud Computing Strategy

Forrester Blogs » Amazon’s Kindle Fire HD: A Stealth BYOD Tablet Competitor

News@Cisco: Press Releases and Features » Chinese Cable Operator Zhejiang Wasu Taps Cisco for 100 Gigabit Backbone

News@Cisco: Press Releases and Features » Media Alert: Cisco to Webcast Annual Visual Networking Index (VNI) Global IP Traffic Forecast 2012-2017 Results

Forrester Blogs » In A World Where Mobile Devices Can Smell, Architecture Matters More

The Official Google Blog » Capturing the beauty and wonder of the Galapagos on Google Maps

Forrester Blogs » Want to win an iPad and get hardcore data on access recertification? Take the UBC-Forrester Access Recertification survey!

ZDNet | Tech Broiler Blog RSS » On PC homebrewing death and dying

The Official Microsoft Blog » Microsoft announces major expansion of Windows Azure services in Asia

Forrester Blogs » Want Better Customer Experiences? Adopt The Six Disciplines Of CX Maturity

Forrester Blogs » Why do you have a sales force?

Forrester Blogs » Why do you have a sales force?

Forrester Blogs » CLOUD SECURITY - EXPECT ACCELERATED DEPLOYMENTS DUE TO STRONG MOVES BY PROVIDERS TO IMPROVE SECURITY

Forrester Blogs » Walmart Takes Contextual, Pragmatic Approach To Mobile

Forrester Blogs » Segmenting Your Workforce Will Actually Drive Innovation

The Official Google Blog » “Coming Home” by Wisconsin student wins U.S. 2013 Doodle 4 Google competition

Forrester Blogs » Don't Confuse Tablet And Mobile Marketing

The Official Google Blog » Top Charts in Google Trends—The most searched people, places and things

The Official Microsoft Blog » The best in devices and services, together as Xbox One

Forrester Blogs » Embrace Workplace And Workspace Diversity Now

Forrester Blogs » VMware Targets I&O Buyers With Hybrid Cloud Service

@ericis Twitter Updates

Categories

Blogroll

Recent Posts

Recent Comments

Delicious Tags

Content Disclaimer

Archives