May 18, 2011 at 2:30 am
Hello,
Quick question for you all, do you tend to add your (Standard Domain User) SQL engine and agent service accounts to the local administrators group?
I have seen some do this, and others not so just wondered what the good word is.
Regards,
D.
May 18, 2011 at 2:37 am
Best practice will be your sql server service and agent accounts not to be the local administrative group.
Ryan
//All our dreams can come true, if we have the courage to pursue them//
May 18, 2011 at 3:16 am
Thank you, this is what I suspected.
Regards,
D.
May 18, 2011 at 3:24 am
Don't add SQL Server or SQL Agent service account to Local Administrator group.
Use SQL Server Configuration Manager to manage the sevrvice accounts. It grants the reqired minimum privilages to the service accounts.
May 18, 2011 at 3:38 am
The best practice is to create a Domain account for each service and use this account as a service account and run the services with these accounts.
Also for getting the admin previlages to your domain account, its recommended to create a group at AD level and assign the users who needs high level previlages, then create this group as a login in SQL Server and assign the required permissions.
Have a nice day!
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply