SQL Server – Moved database to new server, not sure about NT AUTHORITY\* users

Tags: sql-server, sql-server-2012, users

I just moved a database to a new instance of SQL Server (SQL Server 2012 Web from Amazon EC2) and am now cleaning up database users.

I am not sure if/why these 2 users are needed (they exist in original database):

  • NT AUTHORITY\IUSR
  • NT AUTHORITY\NETWORK SERVICE

Note that there are also 2 database schemas with exactly the same names.

I am more clear on NT AUTHORITY\IUSR – this seems to be a user for IIS. IIS is not even installed on the new instance, so this one probably can be deleted.

I am not sure about NT AUTHORITY\NETWORK SERVICE (or how it got created to begin with – new databases created on the new server don't have it, or NT AUTHORITY\IUSR).

Neither of these 2 users exists at server level on a new instance or on an old instance.

Best Answer

These users are built-in Windows accounts and they're usually hidden from view. If you know that your application isn't using those users then you can delete them.

However, it sounds like you're moving a database that was used in ASP.Net applications. ASP.Net does use both those accounts under the hood. NT AUTHORITY\IUSR is used for anonymous access and NT AUTHORITY\NETWORK SERVICE is used in ASP.Net application pools. If that's the case, make sure that you no longer need to access the database you moved with ASP.Net and you'll be golden.

http://www.iis.net/learn/get-started/planning-for-security/understanding-built-in-user-and-group-accounts-in-iis

https://msdn.microsoft.com/en-us/library/ff647402.aspx
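
A pre-removal check for the two users discussed above, added here as an example and not part of the original question or answer. It assumes it is run in the context of the moved database and uses only standard catalog views; the commented-out `DROP` statements at the end are a suggested order, to be run only once the queries show nothing is still relying on these principals.

```sql
-- Added example: review what the two users own and can do before dropping them.
-- Run in the context of the moved database.
DECLARE @users TABLE (name nvarchar(128) COLLATE DATABASE_DEFAULT PRIMARY KEY);
INSERT INTO @users (name)
VALUES (N'NT AUTHORITY\IUSR'), (N'NT AUTHORITY\NETWORK SERVICE');

-- 1. Is each database user mapped to a server-level login (matched by SID)?
--    server_login is NULL when no login with that SID exists on this instance.
SELECT dp.name AS db_user, dp.type_desc, sp.name AS server_login
FROM sys.database_principals AS dp
JOIN @users AS u ON u.name = dp.name
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid;

-- 2. Schemas owned by these users and how many objects each schema contains.
--    A user that owns a schema cannot be dropped; a non-empty schema cannot be dropped.
SELECT s.name AS schema_name, dp.name AS owner_name,
       COUNT(o.object_id) AS object_count
FROM sys.schemas AS s
JOIN sys.database_principals AS dp ON dp.principal_id = s.principal_id
JOIN @users AS u ON u.name = dp.name
LEFT JOIN sys.objects AS o ON o.schema_id = s.schema_id
GROUP BY s.name, dp.name;

-- 3. Database role memberships (for example db_owner or db_datareader).
SELECT m.name AS db_user, r.name AS role_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN @users AS u ON u.name = m.name;

-- 4. Permissions granted or denied directly to these users.
SELECT dp.name AS db_user, p.state_desc, p.permission_name, p.class_desc,
       CASE WHEN p.class = 1 THEN OBJECT_SCHEMA_NAME(p.major_id) END AS object_schema,
       CASE WHEN p.class = 1 THEN OBJECT_NAME(p.major_id) END AS object_name
FROM sys.database_permissions AS p
JOIN sys.database_principals AS dp ON dp.principal_id = p.grantee_principal_id
JOIN @users AS u ON u.name = dp.name;

-- 5. Removal order once the schemas are confirmed empty and the accounts unused:
-- DROP SCHEMA [NT AUTHORITY\IUSR];
-- DROP USER   [NT AUTHORITY\IUSR];
-- DROP SCHEMA [NT AUTHORITY\NETWORK SERVICE];
-- DROP USER   [NT AUTHORITY\NETWORK SERVICE];
```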