Q

Limit SQL Server admin permissions for domain accounts

What is the best practice for using domain accounts such as those with domain admin permissions for SQL Server service accounts?

What is the best practice for using domain accounts such as those with domain admin permissions for SQL Server service accounts?
The SQL Server should never be run under an account with domain admin permissions. Always grant the Windows account that the SQL Server runs under the minimal rights it needs in order to function. The lowest set of permissions that Microsoft SQL Server needs to run are the "Log on as a service," "Log on as a batch job," and if running Enterprise Edition the "Lock pages in memory" rights.

Many people will give the SQL Server local administrative rights to the server. The SQL Server account should never be given domain admin rights as this poses an unacceptable security risk to the Windows domain.

This was last published in August 2007

Dig Deeper on SQL Server Security

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchBusinessAnalytics

SearchDataCenter

SearchDataManagement

SearchAWS

SearchOracle

SearchContentManagement

SearchWindowsServer

Close