December 15, 2005 at 8:31 am
Hi everyone.
We have in my office an SQL Server, hosting a few important databases. Currently, the startup account we are using is also our Domain Administrator account (boneheaded, yes, I know) I would like to know what needs to be done to change this. My thinking is to create a Domain User account, with a fairly long and complex password, for the startup account. My question is, does this account need any special privileges, both on the local server itself, or the domain?
Part of the reason I am looking to do this, is my boss will sometimes change the Administrator password (which is a good thing), but we forget about changing the password for the SQL server, which means when it restarts from a Windows Update or the like, the SQL Server does not restart.
I don't believe we need a stronly locked down account, as we are fairly well protected from intrusion from the internet (none of our Windows machines have direct connections to the internet), but also I do not want an account that would have full Domain Admin rights, either.
If I am reading MS KB# 283811 correctly, it sounds like I should be able to just create a user, then using SQL Server Enterprise Manager, set that user as the startup account, and the SEM will take care of any special permissions from there. Is that the case?
Details on the system:
Windows 2003 Server Enterprise Ed. SP1
SQL Server 2000 SP3
Thank you,
Jason A.
December 15, 2005 at 9:58 am
Normally, if you set it through EM, all things are taken care of. However, if you're using AWE memory or the like, there are some special rights that'll need to be granted. However, those are covered in the appropriate documentation on the subject. In general cases, make the change with EM and you're set.
K. Brian Kelley
@kbriankelley
December 15, 2005 at 7:12 pm
AWE memory?
December 15, 2005 at 7:18 pm
If you're using over 4 GB of RAM for SQL Server (that would have to be specifically configured). You mentioned Windows Server 2003 Enterprise Edition. SQL Server 2000 Enterprise Edition running on Windows 2000 Advanced Server or Windows Server 2003 Enterpise Edition can make use of memory > 2 GB. Up to 3 GB can be configured with a switch in boot.ini. However, anything more than 3 GB requires a switch in boot.ini, a user right set in the security policy, and SQL Server configured to use AWE memory. Chances are if you're not familiar with it, you're not using it.
K. Brian Kelley
@kbriankelley
December 16, 2005 at 1:56 am
If you are using SQL Mail then you will also have to create an Outlook profile for the new login and reassign the SQL Mail profile in SQL Mail and SQL Server Agent. If you dont want to then restart the MSSQLSERVER service then EXEC xp_stopmail, then EXEC xp_startmail to be able to use xp_sendmail.
Do this during a quiet time as you will probably find other issues, like the new account does not have permissions to other server's file shares, etc.
Andy
Viewing 5 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply