Hi,
This is a topic that I've researched and researched and still can't find a decent answer to. That is, what permissions are needed for the SQL Server and SQL Server Agent accounts??
To make things more complicated, we are running a 2005 cluster. However, I am assuming you change the service accounts using the Configuration Manager tool on the virtual server. I can't find an answer to that anywhere either, in all the piles and piles of clustering documentation I have on my desk. Sigh. And the services were not set up properly during the time of install, another sigh.
From what I can determine, the SQL Server Agent service must run under an account with the "ability to log on as a service" AND needs the "sysadmin fixed server role on the local instance of SQL Server" - however, I don't know how this applies to our cluster.
Is the "sysadmin fixed server role" also needed for the SQL Server service? I've never heard of this until 2005. Doesn't this totally fly in the face of security having admin privileges on the Agent account?
From 2005 BOL:
I am waiting to talk to our clustering consultant at Microsoft, but until then, I need to sort this out the best I can. I find it terrifically confusing... Microsoft does not make it easy at all.
Thank you
This is a topic that I've researched and researched and still can't find a decent answer to. That is, what permissions are needed for the SQL Server and SQL Server Agent accounts??
To make things more complicated, we are running a 2005 cluster. However, I am assuming you change the service accounts using the Configuration Manager tool on the virtual server. I can't find an answer to that anywhere either, in all the piles and piles of clustering documentation I have on my desk. Sigh. And the services were not set up properly during the time of install, another sigh.
From what I can determine, the SQL Server Agent service must run under an account with the "ability to log on as a service" AND needs the "sysadmin fixed server role on the local instance of SQL Server" - however, I don't know how this applies to our cluster.
Is the "sysadmin fixed server role" also needed for the SQL Server service? I've never heard of this until 2005. Doesn't this totally fly in the face of security having admin privileges on the Agent account?
From 2005 BOL:
This account. Lets you specify the Windows domain account in which the SQL Server Agent service runs. The domain account that you specify must be a member of the sysadmin fixed server role on the local instance of SQL Server. We recommend that the Windows user account you choose is not a member of the Windows Administrators group.
...
Members of the sysadmin fixed server role can perform any activity in the server. By default, all members of the Windows BUILTIN\Administrators group, the local administrator's group, are members of the sysadmin fixed server role.
I am waiting to talk to our clustering consultant at Microsoft, but until then, I need to sort this out the best I can. I find it terrifically confusing... Microsoft does not make it easy at all.
Thank you