Microsoft KB Archive/818374

= INF: SQL Server 2000 SP3 Creates a SQLDebugger Windows User Account =

Article ID: 818374

Article Last Modified on 7/7/2003

-

APPLIES TO


 * Microsoft SQL Server 2000 Service Pack 3

-



SUMMARY
When you install SQL Server 2000 Service Pack 3 (SP3), a Microsoft Windows user account named SQLDebugger is created. This article discusses the SQLDebugger account, including when the account is created, the default permissions that are assigned to the account, and when the account is used.



MORE INFORMATION
The SQLDebugger Windows user account is created when the SQL Debugger Registry2 DCOM server process (Sqldbreg2.exe) is registered. By default, SQL Server 2000 SP3 registers this process, and the SQLDebugger Windows user account is created.

SQL Query Analyzer includes T-SQL Debugger. By using T-SQL Debugger, you can control and monitor how stored procedures run. T-SQL Debugger uses the SQLDebugger Windows user account to connect to the database server.

Microsoft Visual Studio .NET applications use SQL Server Debugging to debug SQL Server stored procedures. The SQLDebugger Windows user account is also created when you install Visual Studio .NET.

Note The SQLDebugger account is created by using a strict random password policy for security purposes. If the password does not comply with the effective local password complexity policy, the SQLDebugger account is not created and the DCOM server is registered to run under the interactive user account. This prevents SQL Server Debugging from working correctly when you run Visual Studio .NET in the Terminal Services client session.

The SQLDebugger Windows user account has the following characteristics :
 * It belongs to the built-in Windows Users group.
 * It does not have local logon rights.

Note The Deny logon locally security setting is set for the SQLDebugger account.
 * You can log on to the SQLDebugger account by using a batch-queue facility.

Note The Log on as a batch job security setting is set for the SQLDebugger account.
 * By default, the User cannot change password and Password never expires options are set.

System users do not have default permissions to use this Windows user account to explicitly connect to the computer running SQL Server.

Warning Microsoft recommends that the administrator of the computer where the database server is installed and the database administrator should not give any explicit permissions to this account. Explicit permissions to this account may lead to security vulnerabilities.

If you do not want to use SQL Server Debugging against the computer running SQL Server, you can delete the SQLDebugger Windows user account. For additional information about how to enable SQL Server Debugging, click the following article number to view the article in the Microsoft Knowledge Base:

318632 FIX: SQL Debugging May Fail Because of Strict Local Password Complexity Policy

