New admin account to run sql services

Posted on 2007-08-04
Last Modified: 2010-03-19
I've installed a new instance of SQL 2005. I've read an article on using a local admin account but locking it down, but I'm not sure how. I have created a new local user (Vista) and made it a member of the Administrators group. Using the SQL config I have set the account that runs the db/agent services to this new account.
2 questions...
How do I secure this admin account to do what it needs to do (start service, folder access, send db mail etc) but not have other Windows-type admin?
Also when I tried to change the account for reporting services service I couldn't proceed without adding a password and location for a key... huh?
Question by:QPR
    LVL 28

    Expert Comment

    LVL 29

    Author Comment

    Thanks but that seems to only tell me what will/won't work under different scenarios.
    I was looking for some kind of security checklist, or similar, that would allow me to bolt down this Windows admin account that does nothing outside of sql.
    LVL 28

    Accepted Solution

    this is microsoft article;en-us;Q283811
    Grant the service account appropriate user rights - with Active Directory based or local group policy, depending on account type. After you launch the Group Policy Editor, containing either local or Active Directory container-specific settings, in the Computer Configuration portion of the policy, drill down to Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment folder. After double-clicking on the relevant (outlined in the KB article Q283811) user rights from the list displayed in the details pane, add the service account name to the group of privileged accounts.
    Grant the service account permissions to registry keys outlined in the KB article Q283811 - with the help of the Registry Editor.
    Grant the service account permissions to folders and their content outlined in the KB article Q283811 (assuming that you followed Microsoft recommendations and installed SQL Server on an NTFS-formatted partition).
    You might need to add the service account to the SQL Server 2000 fixed server sysadmin role. You can handle this either with SQL Enterprise Manager (e.g. by launching Create Login Wizard) or with Query Analyzer (by executing sp_grantlogin and sp_addsrvrolemember stored procedures, as demonstrated in the KB article Q283811).
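
    An added example, not part of the original answer: on a machine where the service account is still in Administrators, this PowerShell function reads a `secedit /export /cfg <file> /areas USER_RIGHTS` export and reports which user rights the account holds directly and which it only reaches through the Administrators group. The account name `sqlsvc`, its SID and the sample export are constructed placeholders, and the function name is hypothetical.

```powershell
# Added example: audit User Rights Assignment for one service account.
function Get-ServiceAccountRights {
    param(
        [string[]]$InfLines,    # lines of a "secedit /export" file
        [string]$AccountName,   # local account name (secedit may list names)
        [string]$AccountSid     # the same account's SID (or it may list SIDs)
    )
    $adminsSid = 'S-1-5-32-544' # well-known SID of BUILTIN\Administrators
    foreach ($line in $InfLines) {
        # Privilege lines look like: SeServiceLogonRight = *S-1-5-20,sqlsvc
        if ($line -notmatch '^\s*(Se\w+)\s*=\s*(.*)$') { continue }
        $right   = $Matches[1]
        $holders = $Matches[2].Split(',') |
            ForEach-Object { $_.Trim().TrimStart('*') } |
            Where-Object { $_ }
        $direct    = ($holders -contains $AccountName) -or
                     ($holders -contains $AccountSid)
        $viaAdmins = $holders -contains $adminsSid
        if ($direct -or $viaAdmins) {
            [pscustomobject]@{
                Right             = $right
                Direct            = $direct
                ViaAdministrators = $viaAdmins
            }
        }
    }
}

# Constructed sample export. For real data, run from an elevated prompt:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   $lines = Get-Content "$env:TEMP\rights.inf"
$sample = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeServiceLogonRight = *S-1-5-20,sqlsvc
SeBatchLogonRight = *S-1-5-32-544,*S-1-5-32-551
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-32-544,sqlsvc
'@ -split "`r?`n"

# Placeholder SID; look up the real one for the account being audited.
Get-ServiceAccountRights -InfLines $sample -AccountName 'sqlsvc' `
    -AccountSid 'S-1-5-21-1111111111-2222222222-3333333333-1001' |
    Sort-Object Right |
    Format-Table Right, Direct, ViaAdministrators -AutoSize
```

    Rows with `Direct` false and `ViaAdministrators` true are rights the account would lose when it is taken out of the Administrators group, so compare them against the list in the KB article before removing it.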
    LVL 29

    Author Comment

    Thanks, I've done the sql side of things but wasn't sure about the Windows side.
    This is my standalone laptop, not using AD or G.Pol - was more for my own learning. I'll check out the link, thanks.
