Re: Securing SQL Server after administration installation
From: Sue Hoegemeier (Sue_H_at_nomail.please)
Date: 10/06/05
- Next message: Owe Armandt: "Domain group accounts"
- Previous message: Keith Wilson [MSFT]: "Re: Impact of Changing Authentication Mode"
- In reply to: wickedw: "Re: Securing SQL Server after administration installation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 05 Oct 2005 19:24:40 -0600
You don't always have to have the account in the local
admins group and more people are moving away from adding the
service accounts to the local administrators group as
security gets tighter at most companies but probably most
places still follow the standard of having it in the local
admins group.
In terms of the actual permissions the service account
needs, you can find them all outlined in the following
article:
HOW TO: Change the SQL Server or SQL Server Agent Service
Account Without Using SQL Enterprise Manager in SQL Server
2000
http://support.microsoft.com/?id=283811
You can use the Local Security Policy snap in to view the
rights. From the run command from the start button,
type in secpol.msc
For registry permissions, use Regedt32.exe if SQL Server is
on Windows 2000. Use Regedit.exe if on Windows 2003. You can
use Regedt32 on Windows 2003 but it just runs regedit.
-Sue
On 5 Oct 2005 02:14:34 -0700, "wickedw"
<mwaring@bentos.force9.co.uk> wrote:
>Hello sue,
>
>Thank you for your advice, I have read the articles you have pointed to
>which definitely help clarify some issues.
>
>On the face of it, my changes in enterprise manager have propagated to
>the services correctly, I have even manually restarted them as you
>suggested.
>
>Nevertheless, I'm still struggling to make changes/getting registry
>restriction errors as discussed previously.
>
>One thing that was confusing me is whether you need to add your SQL
>service user to the administrators group to get things running
>smoothly? (The account is correctly showing in the system
>administrators on the enterprise manager itself) Does this not defeat
>the object? Or is it the fact you have changed the name from
>administrator that is the main security mechanism? If not, I'm pretty
>sure I'm stuck. Do you temporarily assigned to make changes? I'm
>worried this is a half baked solution.
>
>Thanks for your help,
>
>Matthew
- Next message: Owe Armandt: "Domain group accounts"
- Previous message: Keith Wilson [MSFT]: "Re: Impact of Changing Authentication Mode"
- In reply to: wickedw: "Re: Securing SQL Server after administration installation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
