Ask the Expert

Limit SQL Server admin permissions for domain accounts

What is the best practice for using domain accounts such as those with domain admin permissions for SQL Server service accounts?

    Requires Free Membership to View

The SQL Server should never be run under an account with domain admin permissions. Always grant the Windows account that the SQL Server runs under the minimal rights it needs in order to function. The lowest set of permissions that Microsoft SQL Server needs to run are the "Log on as a service," "Log on as a batch job," and if running Enterprise Edition the "Lock pages in memory" rights.

Many people will give the SQL Server local administrative rights to the server. The SQL Server account should never be given domain admin rights as this poses an unacceptable security risk to the Windows domain.

This was first published in August 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: