Default user service account

This metric checks whether SQL Server services are running under any of the default accounts, such as localsystem. Using a default account for SQL Server services can be a security risk.

Install metric...

Metrics install automatically if you have SQL Monitor installed.

If you are using Redgate’s SQL Server monitoring tool, SQL Monitor, you can instantly install and run this metric on your servers.

This metric checks whether SQL Server services are running under any of the default accounts, such as localsystem.

Using a default account for SQL Server services can be a security risk for two reasons. Firstly, it can give the service a higher level of permissions than it needs. Secondly, isolation is compromised by several services running under the same account. It means that, if one of the services is compromised, all the others running under the same account are vulnerable too.

The associated alert will be raised if you’ve used a default user account instead of a domain account.

Metric definition

Name

Default user service account

Description

This metric checks whether SQL Server services are running under any of the default accounts, such as localsystem. Using a default account for SQL Server services can be a security risk for two reasons. Firstly, it can give the service a higher level of permissions than it needs. Secondly, isolation is compromised by several services running under the same account. It means that, if one of the services is compromised, all the others running under the same account are vulnerable too.

The T-SQL query that will collect data

Instances to collect from

Select all

Databases to collect from

master

Collection frequency

86400

Use collected or calculated values

Leave the Use a calculated rate of change between collections check box unchecked

Metric collection

Enabled

Alert definition

Alert name

Insecure user account

Description

This alert will be raised if you’ve used a default user account instead of a domain account. Isolating services reduces the risk that one compromised service could be used to compromise others. Run separate SQL Server services under separate Windows accounts. Whenever possible, use separate, low-rights Windows or Local user accounts for each SQL Server service. For more information, see Configure Windows Service Accounts and Permissions. http://msdn.microsoft.com/en-us/library/ms143504.aspx

Raise an alert when the metric value goes

Above the defined threshholds

Default threshold values

High:0
Medium:
Low:

Raise an alert when the threshold is passed for

1 collection

Alert is

Enabled