MSSQLSERVER service

[Dukester0122]

The service is currently setup to use a 'Local System Account'. I want to setup SQL Mail and want to change both MSSQLSERVER and SQLSERVERAGENT to my account but I'm not a domain admin or a local server admin just a domain user. If I can change my server role to either System or Server Administrator, would it work or do I need to be a domain admin?

 

[ptheriault]

you don't need to be a domain admin. However, I would strongly urge you not to use your own domain account. Most places put password policies on their domain accounts to expire passwords or lock out accounts after so many failed attempts. You would have to go back and change services using your domain account when you change your password and if your account becomes disabled services will fail when the server is rebooted.

- Paul
- If at first you don't succeed, find out if the loser gets anything.

 

[Dukester0122]

i tried to use my account in MSSQLSERVER service then tried to restart the service and it hanged. put it back to local system account and for 2 hours the service says 'Starting' so i had to restart the server.

looks like it doesn't work with my account but i'm a domain user. do i have to be a local admin or even a sql server admin?

 

[Catadmin]

Well, you do have to have the rights to change the service accounts, whether its on SQL Server or via the Windows OS Services box.

However, as Paul said, I'd get a plain ol' vanilla non-user domain user account to use as your SQL Services account. The reasons for doing this are more than password changes. If your global or local security policies deny your account certain privledges, then the account is not going to be able to do some of the things SQL Server needs to do.

BTW, if you're not a SQL Server admin, why are you changing the SQL Server service accounts?



Catadmin - MCDBA, MCSA
"No, no. Yes. No, I tried that. Yes, both ways. No, I don't know. No again. Are there any more questions?"
-- Xena, "Been There, Done That"

 

[ptheriault]

Here are the rights you'll need on the server.

Windows user rights
Typically, the default installation of the operating system gives the Local Administrators Group all the user rights that SQL Server requires to function correctly. Therefore, local Windows NT accounts or domain accounts that have been added to the Local Administrators Group, with the intent of being the startup account for the SQL Server service, have all the user rights that they require. However, we do not recommend that you run SQL Server under such high user rights.

For SQL Server 2005, if you do not want the SQL Server or the SQL Server Agent startup account to be a member of the Local Administrators Group, see the "Reviewing Windows NT Rights and Privileges Granted for SQL Server Service Accounts" section in the "Setting Up Windows Service Accounts" topic in SQL Server 2005 Books Online.

For SQL Server 2000, if you do not want the SQL Server or the SQL Server Agent startup account to be a member of the Local Administrators Group, then the startup account for the MSSQLServer service and the SQLServerAgent service (either a local Windows NT account, or a domain Windows NT account) must have these user rights:
• Act as Part of the Operating System = SeTcbPrivilege
• Bypass Traverse Checking = SeChangeNotify
• Lock Pages In Memory = SeLockMemory
• Log on as a Batch Job = SeBatchLogonRight
• Log on as a Service = SeServiceLogonRight
• Replace a Process Level Token = SeAssignPrimaryTokenPrivilege

In the db the account needs to be sysadmin.

If you have more questions check out this link.

http://support.microsoft.com/kb/283811

- Paul
- If at first you don't succeed, find out if the loser gets anything.