Results 1 to 7 of 7
  1. #1
    Join Date
    Dec 2002
    Posts
    1,245

    Unanswered: Changing SQL Service Account

    Has anyone ever converted from running SQL Server under the Local System account to running under a Domain User account?

    I have often installed SQL using a Domain User account, but I am inheriting a couple of SQL Servers that were set up to run under Local System. I have never had to convert "on the fly" before.

    If you have any input or insights, I would be grateful.

    Regards,

    hmscott

  2. #2
    Join Date
    Nov 2003
    Posts
    54
    I have done this several times, and have had no issues (knock on wood). Make sure that the Domain account has sufficient permissions on the local machine, and you shold be ok.

  3. #3
    Join Date
    Dec 2002
    Posts
    1,245
    Is "Power User" sufficient, or do I have to grant local admin to the account?

    Regards,

    hmscott

  4. #4
    Join Date
    Aug 2002
    Location
    Scotland
    Posts
    1,578
    If any of the jobs on the local involves deleting/creating files then better to give admin and its no harm is allocating this privilege for SQL service accounts.
    --Satya SKJ
    Microsoft SQL Server MVP
    [IMG]http://sqlserver-qa.net/google_bart.gif[/IMG]

  5. #5
    Join Date
    Mar 2004
    Posts
    45
    Originally posted by Satya
    If any of the jobs on the local involves deleting/creating files then better to give admin and its no harm is allocating this privilege for SQL service accounts.
    8-O

    That's wrong! Basic tenet of security is least privileges of course. Required permissions are outlined in this article:

    http://support.microsoft.com/?id=283811

    Quote from the article: "...running SQL Server under such high user rights is not recommended."
    Hans.

  6. #6
    Join Date
    Aug 2002
    Location
    Scotland
    Posts
    1,578
    No such threat at our end, so far so good.
    It purely depend how you secure the network and connections.
    --Satya SKJ
    Microsoft SQL Server MVP
    [IMG]http://sqlserver-qa.net/google_bart.gif[/IMG]

  7. #7
    Join Date
    Feb 2004
    Location
    In front of the computer
    Posts
    15,579
    Provided Answers: 54
    Due to the nature of what our SQL Servers do, we make most of the machines run as LocalSystem. We basically make each machine run with the lowest level of privledge that it needs to do its job.

    We do have one machine that is our interface/automation server that does all kinds of things like copying data from one server to another, runs DTS packages that affect multiple machines, etc that has privleges similar to a Domain Admin (because it must touch nearly every machine in the Data Center). Only the Domain Admins and a few select IT staff can even see this box, much less touch it!

    -PatP

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •