Re: SQL \ windows account

From: Jasper Smith (jasper_smith9@hotmail.com)
Date: 01/09/03


From: "Jasper Smith" <jasper_smith9@hotmail.com>
Date: Thu, 9 Jan 2003 21:05:25 -0000


If you're paranoid (and if not why not :-) ) then
you want to use the principle of least privilege,
so just a bog standard user is fine. The install process
or Enterprise Manager takes care of making sure
that the account has the necessary rights, file and
registry access etc. That's why it's always best to use
EM to change the service accounts rather than the
Services applet in Control Panel.

-- 
HTH
Jasper Smith (SQL Server MVP)
I support PASS - the definitive, global
community for SQL Server professionals -
http://www.sqlpass.org
"GS" <Gennadiy.sayenko@med.nyu.edu> wrote in message
news:2a6101c2b7f4$145c9430$8df82ecf@TK2MSFTNGXA02...
> Can the account to run SQL server belong to USER group or
> it is better to have it as "POWER USER" built in group.
> Thanks.
>
> >-----Original Message-----
> >SQL Service account absoloutely does NOT have
> >to be a member of the local administrators group.
> >For some functionality, SQL Agent service does
> >require membership of the administrators local group
> >and it can cause more problems than it's worth not
> >to make it a local admin, certainly in some replication
> >scenario's. The rights required by the SQL Service
> >will be granted to the accoun you designate upon
> >install or if you use Enterprise Manager to change
> >the service account. It is best to use a dedicated
> >account where the password doesn't expire and the
> >user can't change the password options set.
> >
> >-- 
> >HTH
> >
> >Jasper Smith (SQL Server MVP)
> >
> >I support PASS - the definitive, global
> >community for SQL Server professionals -
> >http://www.sqlpass.org
> >
> >"Gennadiy" <Gennadiy.sayenko@med.nyu.edu> wrote in message
> >news:1fd901c2b749$1f043420$89f82ecf@TK2MSFTNGXA01...
> >> I know it is not a good idea to let SQl Server and SQL
> >> Agent run under System account.
> >> Why it is better to have it under local administrator
> >> account (which also has full permissions)?
> >> I happened to be a box and DB admin and i have a local
> >> admin account which i use. Shell i create another admin
> >> account to separate SQL from Windows, if yes, then WHY?
> >> It is still me? Should i run SQL server under other
> >> accounts with limited permissions ( like power user )?
> >> Any help is greatly appreciated.
> >> GS
> >>
> >
> >
> >.
> >


Relevant Pages

  • Re: Password management policy when an admin left the company ?
    ... If not i think you have to check any server which service account is used. ... several admin and services accounts stored ... As he had access to the protected file containing every passwords, ...
    (microsoft.public.windows.server.security)
  • Re: 2005 Enterprise sp 2 install fails - 11009
    ... Q...Was your SQL Server service account a domain administrator account? ...
    (microsoft.public.sqlserver.setup)
  • Re: Domain Admin
    ... the account you are using to look at it ... > Make sure you have logged in to each node using the install and service ... > I support the Professional Association for SQL Server ... The login being used to install SQL Server is a local admin ...
    (microsoft.public.sqlserver.clustering)
  • Re: Error 15401 using sp_grantlogin (not addressed by current KB articles)
    ... Restarting Windows 2000 resolved the problem for this particular account, ... confused when it sees a duplicate SID. ... > One way to get SQL Server to agree with the renamed NT ... > Preview (to ensure the script was created), ...
    (microsoft.public.sqlserver.security)
  • Re: SharePoint V3 Install Error
    ... But it our case it had to do with Group Policies that forbid the account of ... WSS FAQ:www.wssv3faq.com/wss.collutions.com ... Event Source: WindowsSharePointServices3Search ... whatever you are installing WSS as sufficient rights to the SQL Server ...
    (microsoft.public.sharepoint.windowsservices)