New admin account to run sql services

I've installed a new instance of sql 2005, I've read an article on using a local admin account but locking it down but I'm not sure how. I have created a new local user (Vista) and made it a member of administrators group. Using the sql config I have set the account to run the db/agent services to this new account.
2 questions...
How do I secure this admin acount to do what it needs to do (start service, folder access, send db mail etc) but not have other windows type admin?
Also when I tried to change the account for reporting services service I couldn't proceed without adding a password and location for a key... huh?
LVL 29
Who is Participating?
imran_fastConnect With a Mentor Commented:
this is microsoft article;en-us;Q283811
Grant the service account appropriate user rights - with Active Directory based or local group policy, depending on account type. After you launch the Group Policy Editor, containing either local or Active Directory container-specific settings, in the Computer Configuration portion of the policy, drill down to Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment folder. After double-clicking on the relevant (outlined in the KB article Q283811) user rights from the list displayed in the details pane, add the service account name to the group of privileged accounts.
Grant the service account permissions to registry keys outlined in the KB article Q283811- with the help of the Registry Editor.
Grant the service account permissions to folders and their content outlined in the KB article Q283811 (assuming that you followed Microsoft recommendations and installed SQL Server on an NTFS-formatted partition),
You might need to add the service account to the SQL Server 2000 fixed server sysadmin role. You can handle this either with SQL Enterprise Manager (e.g. by launching Create Login Wizard) or with Query Analyzer (by executing sp_grantlogin and sp_addsrvrolemember stored procedures, as demonstrated in the KB article Q283811).
QPRAuthor Commented:
Thanks but that seems to only tell me what will/won't work under different scenarios.
I was looking for some kind of security checklist, or similar, that would allow me to bolt down this Windows admin account that does nothing outside of sql.
QPRAuthor Commented:
Thanks, I've done the sql side of things but wasn't sure about the Windows side.
This is my stand alone laptop not using AD or G.Pol - was more for my own learning. I'll check out the link thanks.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.