?
Solved

New admin account to run sql services

Posted on 2007-08-04
4
Medium Priority
?
165 Views
Last Modified: 2010-03-19
I've installed a new instance of sql 2005, I've read an article on using a local admin account but locking it down but I'm not sure how. I have created a new local user (Vista) and made it a member of administrators group. Using the sql config I have set the account to run the db/agent services to this new account.
2 questions...
How do I secure this admin acount to do what it needs to do (start service, folder access, send db mail etc) but not have other windows type admin?
Also when I tried to change the account for reporting services service I couldn't proceed without adding a password and location for a key... huh?
0
Comment
Question by:QPR
  • 2
  • 2
4 Comments
 
LVL 28

Expert Comment

by:imran_fast
ID: 19633498
0
 
LVL 29

Author Comment

by:QPR
ID: 19635166
Thanks but that seems to only tell me what will/won't work under different scenarios.
I was looking for some kind of security checklist, or similar, that would allow me to bolt down this Windows admin account that does nothing outside of sql.
0
 
LVL 28

Accepted Solution

by:
imran_fast earned 2000 total points
ID: 19637117
this is microsoft article
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q283811
Grant the service account appropriate user rights - with Active Directory based or local group policy, depending on account type. After you launch the Group Policy Editor, containing either local or Active Directory container-specific settings, in the Computer Configuration portion of the policy, drill down to Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment folder. After double-clicking on the relevant (outlined in the KB article Q283811) user rights from the list displayed in the details pane, add the service account name to the group of privileged accounts.
Grant the service account permissions to registry keys outlined in the KB article Q283811- with the help of the Registry Editor.
Grant the service account permissions to folders and their content outlined in the KB article Q283811 (assuming that you followed Microsoft recommendations and installed SQL Server on an NTFS-formatted partition),
You might need to add the service account to the SQL Server 2000 fixed server sysadmin role. You can handle this either with SQL Enterprise Manager (e.g. by launching Create Login Wizard) or with Query Analyzer (by executing sp_grantlogin and sp_addsrvrolemember stored procedures, as demonstrated in the KB article Q283811).
0
 
LVL 29

Author Comment

by:QPR
ID: 19641218
Thanks, I've done the sql side of things but wasn't sure about the Windows side.
This is my stand alone laptop not using AD or G.Pol - was more for my own learning. I'll check out the link thanks.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction: When running hybrid database environments, you often need to query some data from a remote db of any type, while being connected to your MS SQL Server database. Problems start when you try to combine that with some "user input" pass…
Data architecture is an important aspect in Software as a Service (SaaS) delivery model. This article is a study on the database of a single-tenant application that could be extended to support multiple tenants. The application is web-based develope…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question