Re: Minimum rights for SQL Agent

From: Geoff N. Hiten (SRDBA_at_Careerbuilder.com)
Date: 02/25/04


Date: Wed, 25 Feb 2004 12:01:36 -0500

I disagree.

There are a large number of bad side effects if the SQL service account is
NOT a member of the local administrators group on a server. It needs to be
a domain account so you can access domain resources, but not necessarily a
domain admin. If the box is dedicated to SQL, then there is really no
seciruty risk. If not, then you are in for more problems anyway.

-- 
Geoff N. Hiten
Microsoft SQL Server MVP
Senior Database Administrator
Careerbuilder.com
I support the Professional Association for SQL Server
www.sqlpass.org
"Bruce Rhoades" <bruce.rhoades@gdsinc.com> wrote in message
news:eI8S4C0%23DHA.2484@TK2MSFTNGP12.phx.gbl...
> Hi,
> Here is a problem:
> SQL 2000 servers on Win 2000 servers in NT4 Domain
> Security  restrictions exclude Everyone group from all the shares and
> registries.
> The SQL agent  and SQL Server service accounts should NOT be Local or
Domain
> Administrative privileges.
>
> What are the minimum rights and registry access required for these
accounts
> in order to operate?
>
> Any help is greatly appreciated.
>
> Regards,
> JD
>
>