SQLMAIL Setup Help 1

[bikerboy718]

I am running sql server 2000 Developers Edition. For security reasons I have set the services to start under the local systems user account. I tried to configure SQLMail with a mapi profile of the computer it is installed on but it will not except it. What is the best way for me to configure SQLMail? Any help would be greatly appreciated.

With Great Power Comes Great Responsibility!!!

Michael

 

[mrdenny]

For SQLMail you need to setup the SQL Service to run under a domain account. Running under a domain account is more secure than running under the system account.

Here is my FAQ on setting up SQLMail faq962-4452.

The reason that I say that running under a domain account is more secure is because you can control what access the SQL Server has access to on the server. When running as the system account the SQL Server is an admin on the server, and you can't restrict access from the SQL Server. (You can, but it's not recommended to reboke access to the local system account, because who knows what that would to do the server in the long run.)

Denny
MCSA (2003) / MCDBA (SQL 2000)

--Anything is possible. All it takes is a little research. (Me)

http://www.mrdenny.com

 

[bikerboy718]

mrdenny, thanks for the help. This does bring up a question though. I thought that it was a bad thing to start up services under an account that had administrative privledges. Or should I just not start the services under the administrator account? I am trying to fiqure out the most secure way to setup a sql server and I was told that for security purposes it is best to start the services under the local system account. But then came my sqlmail dilemna.

With Great Power Comes Great Responsibility!!!

Michael

 

[mrdenny]

Services should be started with the least permissions needed for the service to do it's job correctly. SQL 2000 doesn't need admin rights to run. It needs to be granted the "logon as a service" right and the "Act as part of the operating system" right. You shouldn't ever start services with the local admin account, especially never with a domain admin account.

Starting a service with the local system account is basically the same as starting the service with the local admin account.

Granted most companies will setup there NT account that runs SQL as an admin on the server to make life easier, but it isn't required. Many companies will setup the SQL account as a domain admin, which is just dangerous.

Denny
MCSA (2003) / MCDBA (SQL 2000)

--Anything is possible. All it takes is a little research. (Me)

http://www.mrdenny.com

 

[bikerboy718]

I see what your saying. After reading your original post I know where the confussion was. When you said domain account i was thinking domain admin account. After rereading both posts it bcame clear. So just create a domain user account with the rights to start service as well as a email account. I can also limit the accounts rights and privledges. Thanks for all your help.

With Great Power Comes Great Responsibility!!!

Michael

 

[mrdenny]

Yep, that's the idea.

No problem.

Denny
MCSA (2003) / MCDBA (SQL 2000)

--Anything is possible. All it takes is a little research. (Me)

http://www.mrdenny.com