You work as the database administrator at Domain.com. The Domain.com network consists of a single Active Directory domain named Domain.com. All servers on the Domain.com network run Windows Server 2003 and all client computers run Windows XP Professional.
The Domain.com network contains a SQL Server 2005 database server named Certkiller -DB01. The database instance running on Certkiller -DB01 uses the Active Directory account named CK_db01. You need to enable one of the databases to accept Simple Object Access protocol (SOAP) requests. You plan to accomplish this by creating a Hypertext Transfer Protocol (HTTP) endpoint that uses Kerberos authentication. You need to ensure that the Service Principal Name (SPN) is automatically associated with the database instance running on Certkiller -DB01.
What should you do?
A.
Configure the SQL Server service on Certkiller -DB01 to use the Local Admins account.
B.
Configure the SQL Server service on Certkiller -DB01 to use the Local Service account.
C.
Configure the SQL Server service on Certkiller -DB01 to use the Local System account.
D.
Configure the SQL Server service on Certkiller -DB01 to use the Network Service account.
Explanation:
To ensure that the Service Principal Name (SPN) is automatically associated with the instance running on Certkiller -DB01 you must configure the SQL Server service to use the Local Service account. A service that uses the Local System account can access all resources on the local computer as well as resources on the network.
Incorrect Answers:
A: The SQL Server service should be run with the lowest possible privileges.
B: The Local Service account has limited access to resources on the computer and uses a null session with anonymous authentication to access network resources.
D: The Network Service account has limited access to resources on the computer but can access resources on the network.
Reference:
Microsoft SQL Server 2005 Books Online (2006), Index: SPNs [SQL Server] Microsoft SQL Server 2005 Books Online (2006), Index: Service Principal Name