Is there a security risk of using a machine account as a SQL logon?

David C 191 Reputation points

What is the security risk of using a machine account as a SQL login? The dev team I support needs an account to use as the application pool identity for their Windows IIS web service. I prefer not to give them a domain service account if possible, as the credentials will end up in a web config text file in clear text. There are articles that cover the use of a machine account to access a remote SQL database, but I'm still not clear on the security implications.


2 answers

  1. ZoeHui-MSFT 34,581 Reputation points

    Hi @David C,

    I would recommend creating a service account or accounts, preferably Windows logins, and then granting each account rights appropriate to its purpose.

    The following recommendations and best practices help secure your identities and authentication methods:

    • Use least-privilege role-based security strategies to improve security management.
      • It's standard to place Active Directory users in AD groups; AD groups should exist in SQL Server roles, and SQL Server roles should be granted the minimum permissions required by the application.
    • Choose Active Directory over SQL Server authentication whenever possible, and especially choose Active Directory over storing the security at the application or database level.
      • If a user leaves the company, it is easy to disable the account.
      • It is also easy to remove users from groups when users change roles or leave the organization. Group security is considered a best practice.

    Check it out here: SQL Server security best practices


    Zoe Hui

    If the answer is helpful, please click "Accept Answer" and upvote it.

  2. Erland Sommarskog 103.8K Reputation points MVP

    If you grant access to the machine account, this means that any service running on the machine under Network Service, NT Service\something, etc. will be able to access SQL Server. This also means that a user with a local account on the computer will be able to access SQL Server with the same credentials. Furthermore, if this machine has its own SQL Server instance, and there is a linked server to the "real" SQL Server instance, access through a linked server will be possible if Kerberos is not working.

    In other words, this is not to be recommended.

    I'm not sure why there would be an issue with having the web server running under a domain account. Why would the credentials for the service account appear in web.config?

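An audit for the exposure described in the second answer, as an added example that is not part of the thread: these T-SQL queries list machine-account logins, what they have been granted, and which sessions are currently authenticated as a machine account. It assumes machine accounts appear as Windows logins named `DOMAIN\HOST$` (how Network Service and similar identities present themselves to a remote SQL Server).

```sql
-- Added example, not from the original thread.
-- Assumption: machine accounts are Windows logins whose name ends in '$'
-- (DOMAIN\HOST$). Run with VIEW SERVER STATE / VIEW ANY DEFINITION rights.

-- 1. Machine-account logins and any fixed server roles they hold.
SELECT  sp.name        AS login_name,
        sp.is_disabled,
        sp.create_date,
        r.name         AS server_role
FROM    sys.server_principals AS sp
LEFT JOIN sys.server_role_members AS rm
        ON rm.member_principal_id = sp.principal_id
LEFT JOIN sys.server_principals AS r
        ON r.principal_id = rm.role_principal_id
WHERE   sp.type = 'U'              -- Windows login, not a group
  AND   sp.name LIKE N'%$'
ORDER BY sp.name;

-- 2. Explicit server-level permissions granted to those logins.
SELECT  sp.name        AS login_name,
        pe.permission_name,
        pe.state_desc
FROM    sys.server_permissions AS pe
JOIN    sys.server_principals  AS sp
        ON sp.principal_id = pe.grantee_principal_id
WHERE   sp.type = 'U'
  AND   sp.name LIKE N'%$'
ORDER BY sp.name, pe.permission_name;

-- 3. Sessions currently authenticated as a machine account.
--    This also catches access granted through an AD group, because
--    login_name shows the connecting account rather than the group.
--    host_name and program_name are supplied by the client, so treat
--    them as hints; auth_scheme shows KERBEROS vs NTLM.
SELECT  s.session_id,
        s.login_name,
        s.host_name,
        s.program_name,
        s.login_time,
        c.auth_scheme,
        c.client_net_address
FROM    sys.dm_exec_sessions AS s
LEFT JOIN sys.dm_exec_connections AS c
        ON  c.session_id = s.session_id
        AND c.parent_connection_id IS NULL   -- skip MARS child connections
WHERE   s.is_user_process = 1
  AND   s.login_name LIKE N'%$'
ORDER BY s.login_time;
```

More than one distinct `program_name` for the same machine login in the third result set indicates that several processes on that host are sharing the one SQL identity.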