Options
Per-Service SIDs
Hello All,
I've just recently jumped on the Windows 2008 bandwagon, and I've been looking at some of the new security aspects of the O/S and have come across per-service SIDs. From the sound of it, per-service SIDs provide excellent isolation as services are now given SIDs (like user accounts and security groups) to isolate service access to objects using DACLs.
However, I am not totally clear on how they can be used (i.e. with SQL -- Setting Up Windows Service Accounts). Has anyone on here used per-server SIDs? What is their affect on the use of service accounts and registering/using service principal names (SPNs)?
Thanks,
Jimmy
I've just recently jumped on the Windows 2008 bandwagon, and I've been looking at some of the new security aspects of the O/S and have come across per-service SIDs. From the sound of it, per-service SIDs provide excellent isolation as services are now given SIDs (like user accounts and security groups) to isolate service access to objects using DACLs.
However, I am not totally clear on how they can be used (i.e. with SQL -- Setting Up Windows Service Accounts). Has anyone on here used per-server SIDs? What is their affect on the use of service accounts and registering/using service principal names (SPNs)?
Thanks,
Jimmy