Under which user account should I run the SQL Server service?

[antzzz]

I've read in a Security article somewhere that I shouldn't be running my SQL Server service under the Local System account or an admin account. I have SQL 2000 SP3 in Win 2000 server. I don't do any replication or use SQL Mail at the moment. It's a dedicated server and clients connect to it over the network. I have Database Maintenance plans to do backup and DBCC nightly.

In this regard, under which user account should I run the SQL Server service without losing any functionality in SQL Server? What Windows right does it really need? Some of the articles say that as a minimum, the user account should have "Run as a Service" right.

Is this true and is this the only right I need?

 

[SQLBill]

MSSQLServer and SQLServerAgent are services and therefore need to run as services.

Here's the big question you need to ask yourself:
Where does SQL Server need to connect to? If it only deals with itself and the drives on it's server, then it needs a LOCAL USER account. If it's saving files or using files on a network, it needs a network account.

No matter what type of account you provide for the services, you MUST make sure that account has access to whatever computer/directory/files that SQL Server needs to use.

-SQLBill

 

[mrdenny]

The account that will be running your SQL Server needs two rights granted to it. The "Run as a Service" right that you mentioned and the "Act as part of the Operating System" right. When you change the service startup settings within Enterprise Manager it will automatically grant these rights to the user account that you specify.

As SQLBill said, you'll also need to make sure that the SQL Server can only access the file system objects that it needs to, in order to get it's job done.

Denny

--Anything is possible. All it takes is a little research. (Me)

http://www.mrdenny.com

(My very old site)