An MSA has the ability to register a Service Principal Name (SPN) within Active Directory when given read and write servicePrincipalName permissions. You cannot use a MSA to log into a computer, but a computer can use a MSA to start a Windows service. The password is managed automatically by the domain controller. It is assigned to a single member computer for use running a service. These make long term management of service account users, passwords and SPNs much easier.Ī Managed Service Account (MSA) is a type of domain account created and managed by the domain controller. Managed service accounts, group managed service accounts, and virtual accounts are designed to provide crucial applications such as SQL Server with the isolation of their own accounts, while eliminating the need for an administrator to manually administer the Service Principal Name (SPN) and credentials for these accounts. Managed Service Accounts, Group Managed Service Accounts, and Virtual Accounts To change Reporting Services options, use the Reporting Services Configuration Tool. Associated settings and permissions are updated to use the new account information when you use Central Administration. Other tools such as the Windows Services Control Manager can change the account name but do not change all the required settings.įor Analysis Services instances that you deploy in a SharePoint farm, always use SharePoint Central Administration to change the server accounts for Power Pivot service applications and the Analysis Services service. In addition to changing the account name, SQL Server Configuration Manager performs additional configuration such as updating the Windows local security store which protects the service master key for the Database Engine. When installed on a Domain Controller, a virtual account as the service account is not supported.Īlways use SQL Server tools such as SQL Server Configuration Manager to change the account used by the SQL Server Database Engine or SQL Server Agent services, or to change the password for the account. When resources external to the SQL Server computer are needed, Microsoft recommends using a Managed Service Account (MSA), configured with the minimum privileges necessary. Under you will see the recommended accounts by Microsoft to use for. managed service accounts (group managed service accounts).You can choose between the following accounts that can be configured to start SQL Server services: Configure Windows Service Accounts and Permissions
0 kommentar(er)
