March 30, 2009 at 9:39 am
Hello,
I am trying to establish best practice for our servers. I want to run the SQL agent under a separate account from the administrator and the same for the SQL Server Agent. BOL simply says you should use the minimum amount of permissions. But what is the minimum amount of privileges that the SQL agent can run under?
March 30, 2009 at 9:48 am
Use the SQL Server Configuration Manager to add / modify any of the SQL service accounts. That will setup the appropriate permissions for the service accounts.
March 30, 2009 at 9:56 am
I know I may be being stupid here, but I cannot see how you add a new account via SQL config manager. Should I create the account in Windows then assign the service to it and it will give the account the necessary permissions ?
March 30, 2009 at 10:00 am
That is correct. The domain account will need to exist before you can add it via SQL Config Manager.
Outside of the account creation and assigning it to the service account via Configuration Manager, I provide the account the Read / Write SPN permission on the domain. Alternately, you can have a domain admin manually register the SPN for you.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply