AD Accounts Are Great, But…

Using Windows Authentication for your database is a great best practice to follow.  However, one caveat to remember as one of my administrators found out today.  Do not use that account as a login if it is also the account you use for your database. 

We setup an AD account for his database, that part is great.  He thought that was also the account to use as his application administrative account.  Not a good idea because when he fat fingered the password this morning a few times, as people tend to do on Monday mornings when their coffee hasn’t fully kicked in, he locked out his application as well as the database sending 150 alert messages all over the department.  This set off a chain reaction where he rebooted his server after unlocked the account and proceeded to call me and tell me that SQL was down and sounded the sky is falling alarm.  He overreacted essentially. 

When I figured out what he did, I explained the situation and told him that he needed another AD account for his application or I could setup another one for his database.  He said he installed his application under that account and cannot change either one.  Not the best scenario, but every time you fat finger the account you will bring the world down upon you.  Your choice.  He chose the road well traveled unfortunately.  Enjoy!

Advertisements

About SQLGator

Florida Gator and Microsoft Data Platform MVP, Star Wars fanatic and is there anything else...oh yeah PS4! I am a geek and SQL Server DBA who dabbles with VMWare, there are other technologies greater than these? Not so fast my friend! I also love to travel to new and exotic places.

Posted on July 16, 2012, in Security, Troubleshooting and tagged , . Bookmark the permalink. 2 Comments.

  1. Elizabeth Watson

    This is also a test

  2. That’s a good one! I prefer to not share the password and put it in the windows service myself (or wherever they need it). But some people don’t like that. MSAs will be nice in 2012, might help prevent that.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: