Granting [NT AUTHORITY\SYSTEM] sysadmin on SQL server - Compliance/Best Practive

by user142278   Last Updated January 11, 2018 20:06 PM

New to security in general. We have a third party service which runs on SQL server host and under Local System. Since it is running under Local System, they have always given sysadmin privilege to [NT AUTHORITY\SYSTEM] on older server.

When a new server was getting build we request if you could use a service account to run the service so that permission can be granted to that specific account instead of a build in account and for whatever reason the application team does not seem to have figured out a way to make it work. Now they are asking if we could go back to giving [NT AUTHORITY\SYSTEM] permission again.

So my options/questions

  1. Grant sysadmin to [NT AUTHORITY\SYSTEM]. Probably the worst option, but I am more interested in knowing what the industry standard is about this. Does any compliance like SOX or PCI ban this?
  2. Grant more granular permission to [NT AUTHORITY\SYSTEM]. This is what I will try to do first.

So I would like know about what others do in terms of [NT AUTHORITY\SYSTEM] in SQL Server and what SOX, PCI etc compliance best practices are.

Thanks



Related Questions




Ways for a Windows Administrator to get sysadmin

Updated August 24, 2015 18:02 PM