In doing research for the Service SID posting, I encountered some odd things about service names, service user group names and services. I said I'd write about these; this is the followup post.
Most of the information about Windows Services, Service Accounts, and user groups that are created for SQL Server services (for security purposes) is documented in the SQL Server Books Online.This would be: http://msdn.microsoft.com/en-us/library/ms143504(SQL.90).aspx for SQL Server 2005. Replace the SQL.90 portion of the URL with SQL.100, SQL.105, and SQL.110 for SQL Server 2008, 2008 R2, and Denali respectively.
The Service SID always follows the service name, which is usually (but not always) related to the service group name. However there are some idiosyncrasies.
Given a machine name of ZMV08, with a default instance and a named instance called SQLDEV01..
– The browser service user group is always called SQLServer2005SQLBrowserUser$ZMV08
– Reporting service user groups changed in SQL Server 2008 R2
SQLServerReportServerUser$ZMV08$MSRS10.MSSQLSERVER for SQL Server 2008 default instance
SQLServerReportServerUser$ZMV08$MSRS10_50.MSSQLSERVER for SQL Server 2008 R2 default instance
In Denali, its back to SQLServerReportServerUser$ZMV08$MSRS10.MSSQLSERVER, but I bet that changes before RTM.
– The name of the SSIS service changes
MsDtsServer in SQL Server 2005
MsDtsServer100 in SQL Server 2008 and SQL Server 2008 R2
MsDtsServer110 in SQL Server Denali
Again, the service SID name always reflects the service name
– The name of the SQL Server Active Directory Helper service is similar to the SSIS service
MSSQLServerADHelper in SQL Server 2005
MSSQLServerADHelper100 in SQL Server 2008 and R2
This Service has been removed from SQL Server Denali
– The user group SQLServerFDHostUser$ZMV08$MSSQLSERVER does not contain any users, regardless of the usage or non-usage of Service SIDs
And, although BOL says otherwise, this name does not appear to be release-dependent, The name of the service is MSSQLFDLauncher, rather than FDHOST.
– The service user group for SQL Server Active Directory Helper, which DOES use a Service SID, does not contain either the Service SID or the service account user name. Instead, this group contains NT AUTHORITY\NETWORK SERVICE and NT AUTHORITY\SYSTEM.
The point of this whole exercise was to point out that scripts (like a custom PowerShell script, for instance) that use these names may need to take version into account. I hope this helps.