July 25, 2012 at 7:40 am
I am currently working on a project to implement SQL hardening standards. Unfortunately, we still run a few SQL2005 servers and this is what my question is about.
At install time, the groups SQLServer2005MSSQLUser$ServerA$MSSQLSERVER and SQLServer2005SQLAgentUser$ServerA$MSSQLSERVER were automatically added to the SQLserver sysadmin role. Can this be changed to restrict rights of the service accounts or is that not advisable. (The accounts have already been removed from the local administrators group and my question is therefore only about rights within SQLserver)
I have found many links on info regarding rights of service accounts, but not one which answers this question.
July 26, 2012 at 2:26 am
Do not change them, they are the virtual accounts, for the accounts which run the SQL services.
July 26, 2012 at 2:33 am
Thanks for the answer. My question is actually if these service accounts have to be a member of the sysadmin server role since that is not the case in later versions of sql server.
July 26, 2012 at 2:42 am
They are nammed differently in 2008 but they still have SA rights, they are required for the correct operation of SQL.
You shouldnt tamper with these as SQL creates the ACL's needed for correct operation.
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply