Post reply

Running SQL Server service using local account

  • April 19, 2010 at 8:40 am

    #219307

    Hello all,

    I am about to move my db server out of the domain, and need to run it under a local service account.

    I can get the SQL Server Service (MSSQLSERVER) running by adding that local account to the local Administrator group, but that is far from best practice.

    I came across a lot of references like 'only grant the necessary permissions to the local account', but nowhere a comprehensive list, so I am looking for a list of permissions for the local account.

    Can anyone point me in the right direction please?

    tia

    Hans

  • April 19, 2010 at 9:24 am

    #1153916

    In the meantime, I found that I have to give NTFS Read&Execute permission on the MSSQL Binn folder, and full NTFS permission on the DATA and LOG folders if I want to start MSSQLSERVER service under a local account.

    Has anyone found a combination of permissions that is less that the setup that I described here? All help is welcome.

    regards,

    Hans

  • April 19, 2010 at 12:32 pm

    #1154084

    did you use configuration manager to change the account SQL runs under. Doing it that way should assign all the permissions necessary.

    ---------------------------------------------------------------------

  • April 19, 2010 at 1:37 pm

    #1154121

    George has the best advice. Use the configuration manager to assign the account. It will assign the permissions needed.

  • April 20, 2010 at 2:05 am

    #1154373

    Yes, I used the configuration manager; when I tried to change the account, the configuation manager came back with an error message (WMI provider error [call to WMI provider error returned error code: 0x800742a2]).

    Only after I added my local account to the local administrator group, I could change the account. I was also able to start up MSSQLSERVER service.

  • April 20, 2010 at 3:38 am

    #1154419

    I have only seen that WMI message after a server rename and the local SQL accounts were orphaned,

    e.g. server\SQLServer2005MSSQLUser$server$MSSQLSERVER

    check those accounts out for file permissions (their sids will appear but greyed out.)

    (If it works after adding to local admins its definitely apermissions issue)

    ---------------------------------------------------------------------

Viewing 6 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic. Login to reply