SQLTeam.com | Weblogs | Forums

Proxy Account vs Service Account

What exactly the differences between the two type of accounts and when to use which? From researching, I read that Proxy should be used at a minimum to prevent security issues.


They could be the same depends.
A service account should be a dedicated AD user that could be provided to you by sysAdmin or AD admin. Usually some use a specific nomenclature to differentiate them from other AD accounts for example by adding a prefix svc-.
When installing sql server it is recommended so that it runs using some specific service account with a bit more elevated perms than another service account say being used for example running an application or an ssis package etc. That way if someone with malicious intent gets hold of your ssis package or application they wont use it to say Drop database Company.
So if you build an ssis package that runs with no proxy account with less perms, it will run using the service account being used for sql integration Service.

Also recommended you do not use same service accounts in prod and preprod environments.
Prod svc-sqlserverservice
Pre peod svc-preprodsqlservice