July 8, 2010 at 5:22 am
Hi there I am hoping someone could help me clear up the accounts and groups that are used and created during a SQL install.
We have done a light install of just the SQL Service and Agent and used separate domain accounts for each.
If I check the servers local groups I can see 4 new groups named:
SQlServer2005SQLBrowser
SQLServerMSSQLServerAD
SQLServerMSSQLUser
SQLServerSQLAgent
If I look at the SQLServerMSSQLUser group I would have thought that the SQL Service account would be in there but it isn't. What are these groups for?
Neither are any of these groups present in my instance of SQL, which I also would have thought would be the case. I thought it was through these groups in SQL that you manage the account permissions, but seems my understanding is flawed.
Furthermore in my Logins on my instance I have accounts for NT Service\MSSQLServer and NTService\SQLServerAgent, what are these and are they needed?
Lastly the SQL Service and Agent accounts are also NOT present in my instance logins, should they be there?
One more thing, which account to I grant permissions to on the folder where the databases reside (I am moving them to a new location)
Many thanks and sorry if I have been unclear, I will try to elaborate of explain further if needs be.
July 19, 2010 at 9:02 pm
Those groups are needed if you are looking to configure the services with "least privileges"..
I would recommend checking out this link for some additional details:
http://technet.microsoft.com/en-us/library/ms143504.aspx
I don't have access to any of my instances right now so I can't say for sure that my config is the same as yours, but we usually put our accounts in the administrators group (I know it's not the recommended practice), so I'm not sure if the accounts would appear in those groups or not that you refer to.
Regards,
Steve
Viewing 2 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply