-----Original Message----- From: maria-developers-bounces+wlad=montyprogram.com@lists.launchpad.net [mailto:maria-developers- bounces+wlad=montyprogram.com@lists.launchpad.net] On Behalf Of Arjen Lentz Sent: Mittwoch, 2. Februar 2011 01:41 To: maria-developers Subject: Re: [Maria-developers] Windows installer MWL#55 finished.
Hi Peter, all
On 02/02/2011, at 8:24 AM, Peter Laursen wrote:
Also isn't 'NT AUTHORITY\SYSTEM' what user account MySQL normally uses? But using \Network Service may be an improvement .. I remember we had some discussions. :-)
Could it have its own account? MSSQL probably ties in with lots of other things, mysqld is pretty self-contained and just needs network access and its local directory tree.
Hi Arjen, yes, it could. One of the problems with own account is password management - password complexity and expiration as in local/global policies. An account with no password cannot run services. If password has expired, service does not start. I believe write-restricted service (Vista feature, own security identifier per service) is exactly what a security-concerned admin would need in this case, though I did not found time yet to investigate it.