Hi all
(This is really about the EDB installer, but we don't have anywhere
better to discuss it than -general, so):
The PostgreSQL installer now uses the NETWORKSERVICE account on Windows
by default (as of 9.2), instead of creating a "postgres" account with
username and password. Which is a big improvement to usability.
I recently found out that on Windows 7 / win2k8 R2 and newer there's now
a better alternative available: virtual accounts and managed service
accounts. They combine the benefit of avoiding all that password
management cruft with the ability to run services in less-privileged,
better isolated accounts.
See "New Account Types Available with Windows 7 and Windows Server 2008
R2" in
http://msdn.microsoft.com/en-au/library/ms143504.aspx
particularly "virtual accounts".
If that looks a lot like a UNIX "system account", you're not mistaken.
It looks like Microsoft have finally figured out that it'd be nice not
to need a password for a background system service and to have to then
store that password somewhere on the same system.
It may be worth adopting this when the installer detects a Windows 7 /
Win2k8 R2 or newer system - just create an account like:
NT Service\PostgreSQL$EDB-9.4-x86
(or whatever name will get rid of conflicts) and use that instead of
NETWORK SERVICE.
--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services
