Wednesday, November 08, 2006

SQL Browser account

I had set up a new SQL Server and used the same domain user account for SQL Service and SQL Browser. The account is added to the SQLServer2005SQLBrowserUser$[ComputerName] local group. Later I noticed that setup set the “Deny access to this computer from the network.” local policy right on this account. Now no other server that is using the same account can talk to the newly installed SQL Server. Why exactly has it been done this way?
Since SQL Browser is a service listening to unauthenticated UDP messages, the goal was to make the account the service runs under as restrictive as possible. This has been documented in the BOL: http://msdn2.microsoft.com/en-us/library/ms181087.aspx
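
To confirm on a given server which principals hold the "Deny access to this computer from the network" right described above, the following PowerShell script exports the local user-rights policy and flags the SQL Browser group or the shared service account. It is an added example, not code from this post or from Microsoft; `EXAMPLE\sqlsvc` is a placeholder account name, and the script assumes an elevated prompt.

```powershell
# Added example: list who holds "Deny access to this computer from the network"
# (SeDenyNetworkLogonRight) and flag the SQL Browser group or the service account.
param(
    # Placeholder: replace with the domain account used for the SQL services.
    [string]$ServiceAccount = 'EXAMPLE\sqlsvc'
)

# Local group name pattern as given in the post (single quotes keep the literal $).
$browserGroup = 'SQLServer2005SQLBrowserUser$' + $env:COMPUTERNAME

# Export only the user-rights section of the local security policy.
$inf = Join-Path $env:TEMP ('userrights-{0}.inf' -f [guid]::NewGuid())
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
if (-not (Test-Path $inf)) { throw 'secedit export failed; run from an elevated prompt.' }

try {
    $line = Get-Content $inf |
        Where-Object { $_ -match '^\s*SeDenyNetworkLogonRight\s*=' } |
        Select-Object -First 1
} finally {
    Remove-Item $inf -ErrorAction SilentlyContinue
}

if (-not $line) {
    'SeDenyNetworkLogonRight is not assigned to anyone on this computer.'
    return
}

# Entries are comma separated; SIDs carry a leading '*', plain names do not.
$holders = foreach ($entry in (($line -split '=', 2)[1] -split ',')) {
    $entry = $entry.Trim()
    if ($entry.StartsWith('*')) {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.Substring(1))
        try { $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $sid.Value }   # unresolvable SID: show it raw
    } elseif ($entry) {
        $entry
    }
}

foreach ($h in $holders) {
    $short = ($h -split '\\')[-1]   # strip the MACHINE\ or DOMAIN\ prefix
    $flag = ''
    if ($short -ieq $browserGroup) { $flag = '<-- SQL Browser group' }
    elseif ($h -ieq $ServiceAccount) { $flag = '<-- service account' }
    '{0,-60} {1}' -f $h, $flag
}
```

If the group is flagged, every member of it is refused network logons to this computer, which matches the symptom of other servers using the same account being unable to connect.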