Why One Should Use SQL Configuration Manager (SQLCM) to Change Service Account & Service Account Password

Microsoft botched an answer about why one should use SQL Configuration Manager over Service Control Manager to change service accounts and/or service account passwords for SQL Server."If your running SQL Server 2008 or later and your running on Vista or (Window 7 or Win2K8) all resources (Folders, Files, Reg Keys, etc) are ACL'd using the […]

Microsoft botched an answer about why one should use SQL Configuration Manager over Service Control Manager to change service accounts and/or service account passwords for SQL Server.

"If your running SQL Server 2008 or later and your running on Vista or (Window 7 or Win2K8) all resources (Folders, Files, Reg Keys, etc) are ACL'd using the Service SID. Therefore, regardless of the account the service is running as it'll always have access to necessary resources.

SQLCM, however, does a bit of magic under the covers when you change the password on a service account to avoid a service restart. There was a bug in SQLCM that blocked this behavior but it was fixed in a CU (SQL Server 2008 R2 CU 4 to be exact) and here's the KB Article KB2397020 on the fix.

If you're running on SQL Server 2005 or running on earlier versions of (pre Vista; WinXP & Win2K3) ACLing is done via groups and the group membership is maintained through SQLCM. Therefore, changing the Service Account through SCM won't update the group membership and you'll run in to permission issues," explains Microsoft.

[tags]sqlcm,password[/tags]

[Source]