Post reply

Using windows groups for holding the SQL Server Agent service "log on as" account name ??

  • June 15, 2012 at 6:46 am

    #263012

    Using windows groups for holding the SQL Server Agent service "log on as" account name

    What windows group would the account that runs your sql server agent service be in?

    And why would you add it to a windows group?

    I have a mixture of sql servers - 2005 and 2008. After installation there appears to be a windows group login defined in sql (using ssms to view) as follows:

    For sql server 2005: (spaces added for readability)

    <server name\> SQLServer2005SQLAgentUser $ <sql server name> $ <instance name>

    For sql server 2008:

    default instance;

    NT SERVICE\SQLSERVERAGENT

    named instance:

    NT SERVICE\SQLAgent$TEST

    They have sysadmin server role. Presumably the sql server installation process created them?

    But what is the point of them?

    I'm looking at creating a standard windows task account on each server to use to run the SQL Server Agent service. But what's the point of the windows group - does the sql config mgr add the SQL Server Agent service account to the group under the covers or something? Or should I add it to the windows group myself. Why?

    (We don't have Active Directory installed across the organisation.)

    Any hints or tips appreciated.

    Dave.

  • June 19, 2012 at 6:22 am

    #1502771

    What windows group would the account that runs your sql server agent service be in?

    A = None, the account should have the least possible level of privlages, when you use SS Configuration Manager or specify the account during install, it will assign the account the required permissions.

    And why would you add it to a windows group?

    A = You don't SSCM does this

    I have a mixture of sql servers - 2005 and 2008. After installation there appears to be a windows group login defined in sql (using ssms to view) as follows:

    For sql server 2005: (spaces added for readability)

    <server name\> SQLServer2005SQLAgentUser $ <sql server name> $ <instance name>

    For sql server 2008:

    default instance;

    NT SERVICE\SQLSERVERAGENT

    named instance:

    NT SERVICE\SQLAgent$TEST

    They have sysadmin server role. Presumably the sql server installation process created them?

    A = Yes, they are created by the install process

    I'm looking at creating a standard windows task account on each server to use to run the SQL Server Agent service. But what's the point of the windows group - does the sql config mgr add the SQL Server Agent service account to the group under the covers or something? Or should I add it to the windows group myself. Why?

    A = Don't add users manually to the groups, doing it this way will mean other security settings are not set, always use configuration manager

    Would reccomend you take a look at this artical http://msdn.microsoft.com/en-us/library/ms143504%28v=sql.100%29.aspx

Viewing 2 posts - 1 through 1 (of 1 total)

You must be logged in to reply to this topic. Login to reply