Service Accounts - local not domain
-
Hi,
I'm installing 2005 Standard, and I want to use pre-existing local user accounts to run the services under instead of using Local System or Network or Network Service accounts.
Problem is, the setup only allows me to select a *Domain* account on the Service Accounts page. The server isn't part of a domain but standalone for use with a website at a hosted location.
I'm a bit confused as I thought I could use local accounts. Can anyone enlighten me? If I can't then what is the best config?? All the stuff I've read says not to use the built in accounts.
-
Just enter the local computername as domain. That should work.
Markus
[font="Verdana"]Markus Bohse[/font]
-
You would install SQL under local admin account. After the setup is finished, go in Configuration Manager, SQL Server 2005 Services, right click on sql server name -> here change the sql server service account to a local admin account (as a first step as you would not needed actually because thye sql 2005 setup creates some sql server groups that may be used for sql server services accounts).
For more info on best practices on sql server services accounts:
http://www.microsoft.com/technet/prodtechnol/sql/2005/sql2005secbestpract.mspx
good luck
-
Thanks, both of you. I can now pick the acccounts and I'm printing off the best practice doc as we speak.
Unfortunately, even though the setup now allows me to select the accounts, not all the the local groups are being created, and so errors appear:
SQL Server Setup was unable to add user HOSTNAME\Account to local group SQLServer2005MSFTEUser$HOSTNAME$INSTANCE
It's only setup 2 local groups, the DTS and the Notification services. I tried creating the group above and giving it the rights, but the install still gave the same error.
I'm going to remove and reinstall, but if you have any other good tips I'd be very glad to hear them
-
It seems I've found (a) the culprit. I've posted this in case it helps anyone else.
From
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=381890&SiteID=1
SQL server uses local group for ACLs. When server is installed the groups are created and their SIDs are stored in the registry. When you re-imaged the server the SID had to change and the SIDs in the registry are not valid anymore. Try to delete the values for the following values in Setup registry key the instance hive [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL.1\Setup]
The registry values are:
AGTGroup
SQLGroup
FTSGroup
ASGroup
As there was an existing instance on there it must have been setup as part of the image. I'm going to remove and reinstall. Thanks for everyone's input.
-
Thanks for that. I didn't have this problem but you may never know.
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply