Running SQLServer and SQLServer Agent as Power User

From: gbledsoe (gbledsoe_at_discussions.microsoft.com)
Date: 03/24/05

Next message: Alek: "Re: encrypt sensitive data"
Previous message: David: "Re: Web and SQL Security"
Next in thread: Dazza: "Re: Running SQLServer and SQLServer Agent as Power User"
Reply: Dazza: "Re: Running SQLServer and SQLServer Agent as Power User"
Reply: Hansde Bruin: "Re: Running SQLServer and SQLServer Agent as Power User"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 24 Mar 2005 08:25:02 -0800

We're trying to limit the number of user accounts with Admin level permission
on our Win2K servers, especially SQL servers. We have created a domain level
account to run SQLServer and SQLAgent. We'd like to limit it to Power User
status instead of Admin status on the servers, but we cannot seem to start
and stop the services from SEM with only Power User status. We've checked
registry key permissions and everything seems to be configured properly. Is
this configuration even possible? Or does this account NEED to be local admin
on the server? Help would be appreciated. Thanks.

Next message: Alek: "Re: encrypt sensitive data"
Previous message: David: "Re: Web and SQL Security"
Next in thread: Dazza: "Re: Running SQLServer and SQLServer Agent as Power User"
Reply: Dazza: "Re: Running SQLServer and SQLServer Agent as Power User"
Reply: Hansde Bruin: "Re: Running SQLServer and SQLServer Agent as Power User"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Forest to Child -- Permissions
... My account can login to all the DCs and has full administrator priv. ... first DC in the root. ... the member servers only ... never happen unless some admin has been mucking about. ...
(microsoft.public.windows.server.dns)
Re: Forest to Child -- Permissions
... My account can login to all the DCs and has full administrator priv. ... first DC in the root. ... the member servers only ... never happen unless some admin has been mucking about. ...
(microsoft.public.windows.server.dns)
Re: Running SQLServer and SQLServer Agent as Power User
... > We're trying to limit the number of user accounts with Admin level permission ... > on our Win2K servers, ... Or does this account NEED to be local admin ... although not all sql feature are available. ...
(microsoft.public.sqlserver.security)
Re: Running SQLServer and SQLServer Agent as Power User
... The account that starts the services needs to have the "log on as a service" ... Without this MSSQLServer and MS SQL Server Agent will not start. ... Also why would you want end users to have admin rights on the server at all? ... > on our Win2K servers, ...
(microsoft.public.sqlserver.security)
Re: securing windows 2003 server after someone has left the company
... Change all the Admin passwords (servers, routers, workstations, etc.) ... Change the password on his/her his former account and disable it. ... Audit the systems again - make sure that there are no logging systems ...
(microsoft.public.windows.server.sbs)