February 17, 2009 at 12:07 pm
We are performing a clean install of sql server 2005 (64-bit) on a Windows 2003 server and are having issues with starting the agent. (We are using Veritas clustering services as well).
When we add the service account to local admin, it works fine. What are the only reasons I would need local admin? I would like to stay away for an extra permissions. All I can find is that local admin is need to restart the sql agent service - which I do not need being it is on a cluster. Is local admin permissions needed for anything else under the sql agent service account?
I'm haivng the server admin folks check the permissions of the sql agent account by looking at the following article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;283811
and
http://msdn.microsoft.com/en-us/library/ms143504(SQL.90).aspx
February 17, 2009 at 12:52 pm
on clusters, generally you need local admin right for SQL Server to run properly. But if you dont want to give sqlserveragents local admin rights, think of creating local group or user which should have following rights:
Act as Part of the Operating System = SeTcbPrivilege
Bypass Traverse Checking = SeChangeNotify
Lock Pages In Memory = SeLockMemory
Log on as a Batch Job = SeBatchLogonRight
Log on as a Service = SeServiceLogonRight
Replace a Process Level Token = SeAssignPrimaryTokenPrivilege
You can try using this one, but some times, SQL Server services may need access to some registry keys or local folders, in that case you need to assign the rights to all of them. Other wise agent will be having issues in starting up.
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply