July 21, 2006 at 6:13 am
Hi, I've recently read a number of articles about the amount of access the MSSQLServer and SQLAgent services should be configured with after a SQL2000 installation. Most suggest using a domain account for each, restricting access as the account needn't be used for anything else and certainly ensuring the account is not a local administrator.
I've done some testing and found that once I've installed SQL with an domain account with local admin rights, using SQL EM I can then change the startup account to another domain account which is not a local administrator nor has it any privileges to any of the SQL DB's incl msdb and master, it'll stop/start fine.
The SQLAgent service however seems to have to be in the SQL sysadmin server role. I've tried every other combination and although you can stop/start the service with lower privilges than sysadmin, jobs won't run unless its in sysadmin.
I wondered what you guys have experienced and how you set yours up with minimum access.
Thanks very much.
July 21, 2006 at 1:12 pm
the domain account that starts and stops sql server service can be a regular domain account but must have access to all the sql server directories. I generally setup the sql agent the same way. That account should be added to the sysadmin role in sql server or you will have problems down the road.
July 24, 2006 at 9:45 am
Thanks for that Wesley
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply