July 1, 2009 at 7:25 pm
Our SQL 2005 server is running under a 2003 active directory domain.
The SQL server service is running under the local system account.
Since running the SQL server service with a domain account is a best practice, I was wondering, does the domain account need to be at least in the local administrator's group on the SQL server?
What else do I need to change after changing the SQL server service account from the system to a domain account?
July 1, 2009 at 10:36 pm
The only reason for an service account to be a local administator is if you need the service to be able to do something with that level of privilege. For the normal operation of SQL Server, this is not necessary.
If you used one of the tools supplied with SQL Server (e.g. SQL Server Configuration Manager) you do not need to do anything else because this tool does all the checks and settings required. If you used the Services control panel applet, you may be better off undoing that change and re-doing it with Configuration Manager.
July 13, 2009 at 6:21 pm
Thank you!
July 13, 2009 at 11:18 pm
Please refer http://msdn.microsoft.com/en-us/library/ms191543.aspx for details.
July 15, 2009 at 5:44 am
There is a choice:
1) You can be lazy and put the SQL service account in the local Administrators group. In this situation you give SQL Server more rights than it needs and open up some security holes in your system.
2) You give the service account the rights it needs, and do NOT put the account into the local Administrartors group. In this situation you will need to read BOL to see what rights are needed, but you end up with a more secure system.
Likewise for DBA accounts - there is no need for a SQL Server DBA to have local Administrator rights if they are given the rights needed for them to do their job.
Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.
When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply