Jason, that was exactly the sort of answer I was looking for.  Thanks, it
makes a lot of sense now.


On Fri, Dec 6, 2013 at 12:21 PM, Jason Sandys <[email protected]> wrote:

>  I concur with John.
>
>
>
> The reason it’s a security best practice is that if someone can somehow
> get the SQL Server instance to run an arbitrary SQL statement – typically
> through SQL injection attacks on poorly written web pages – then it is
> possible for a person at that point, via SQL, to execute commands in the OS
> because SQL includes the ability to run commands in the shell; i.e.,
> directly in the OS. Now, with SQL running as the local System, the
> “attacker” can now do anything they want on that system including
> potentially harvesting passwords from the local SAM or other services that
> do run a domain account – they essentially 0wn the system now.
>
>
>
> The reason this is not applicable to ConfigMgr – at least not out of the
> box – is that there is no way to inject arbitrary SQL – there simply is no
> public or user accessible UI to facilitate a SQL injection attack. That
> doesn’t mean you can’t create one by standing up a web service or adding
> some other type of UI, but out of the box, there’s nothing. The console
> doesn’t count because that’s a privileged means of access; even so, it
> doesn’t allow arbitrary SQL anywhere. Neither does SSRS or the client UI.
>
>
>
> J
>
>
>
> *From:* [email protected] [mailto:
> [email protected]] *On Behalf Of *Marcum, John
> *Sent:* Friday, December 6, 2013 10:56 AM
> *To:* '[email protected]'
> *Subject:* RE: [mssms] Best practice question : SQL Logon account for
> SCCM, why use Domain Account over localsystem?
>
>
>
> That's not a SCCM best practice, it's a SQL best practice. It's for
> security. Personally I never do it.
>
>
>   * ------------------------------ *
>
> *John Marcum*
> *Sr. Desktop Architect*
>
> *Bradley Arant Boult Cummings LLP*
>   ------------------------------
>
>
>
> *From:* [email protected] [
> mailto:[email protected] <[email protected]>] *On
> Behalf Of *Stephen Owen
> *Sent:* Friday, December 06, 2013 10:47 AM
> *To:* [email protected]
> *Subject:* [mssms] Best practice question : SQL Logon account for SCCM,
> why use Domain Account over localsystem?
>
>
>
> Hi all,
>
>
>
>   Had a client ask a question I couldn't think of an answer to.  I've
> heard that the best practice is to set up your SQL servers for SCCM with a
> domain account, particularly the logon service.  Well, why is this a best
> practice?  What's good about it?
>
>
>
>   I've not been able to find a consistent answer to this question, so
> maybe it's a good one.
>
>
>
> Thanks
>
>
>  ------------------------------
>
>
> Confidentiality Notice: This e-mail is from a law firm and may be
> protected by the attorney-client or work product privileges. If you have
> received this message in error, please notify the sender by replying to
> this e-mail and then delete it from your computer.
>
>
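
The two settings Jason's explanation turns on, the account the SQL Server service runs as and whether shell execution (`xp_cmdshell`) is enabled, can be checked with the T-SQL below. This is an added example, not part of the original thread; it assumes SQL Server 2008 R2 SP1 or later (for `sys.dm_server_services`) and a login with VIEW SERVER STATE, and the wording of the findings is illustrative.

```sql
-- Added example (not from the thread): audit the service account and
-- shell-execution settings that decide how far a SQL injection can reach.
SET NOCOUNT ON;

-- 1. Which Windows account does each SQL Server service run as?
SELECT
    s.servicename,
    s.service_account,
    s.status_desc,
    CASE
        WHEN s.service_account IN (N'LocalSystem', N'NT AUTHORITY\SYSTEM')
            THEN 'HIGH: service has full control of the host'
        WHEN s.service_account LIKE N'NT Service\%'
            THEN 'OK: per-service virtual account'
        ELSE 'REVIEW: confirm the account is not a local or domain admin'
    END AS finding
FROM sys.dm_server_services AS s;

-- 2. Is shell execution enabled? Commands issued by sysadmin callers
--    run as the service account reported in step 1.
SELECT
    c.name,
    CAST(c.value_in_use AS int) AS value_in_use,
    CASE CAST(c.value_in_use AS int)
        WHEN 1 THEN 'ENABLED: disable unless a documented job needs it'
        ELSE 'disabled'
    END AS finding
FROM sys.configurations AS c
WHERE c.name = N'xp_cmdshell';

-- 3. Who can re-enable it? Members of sysadmin can change the setting,
--    so an injection through a sysadmin login defeats step 2 on its own.
SELECT
    p.name       AS sysadmin_member,
    p.type_desc,
    p.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY p.name;
```

Step 3 matters because a disabled `xp_cmdshell` is only a speed bump for a sysadmin connection; the service account's privileges are what bound the damage.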


