Q

Limit SQL Server admin permissions for domain accounts

What is the best practice for using domain accounts such as those with domain admin permissions for SQL Server service accounts?

What is the best practice for using domain accounts such as those with domain admin permissions for SQL Server service accounts?
The SQL Server should never be run under an account with domain admin permissions. Always grant the Windows account that the SQL Server runs under the minimal rights it needs in order to function. The lowest set of permissions that Microsoft SQL Server needs to run are the "Log on as a service," "Log on as a batch job," and if running Enterprise Edition the "Lock pages in memory" rights.

Many people will give the SQL Server local administrative rights to the server. The SQL Server account should never be given domain admin rights as this poses an unacceptable security risk to the Windows domain.

This was first published in August 2007

Dig deeper on SQL Server Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchBusinessAnalytics

SearchDataCenter

SearchDataManagement

SearchAWS

SearchOracle

SearchContentManagement

SearchWindowsServer

Close