Running SQL server with a domain account

I've been running MSSQL2005 on a 2003 server with the main SQL service using the main Domain administrator acount and password.

Not the best practice so I've created a new AD user account for this purpose, however how do I then assign the appropriate permissions to this new account for the service to run?

I assumed there would be a local user group on the server that is running sql that I would make the new AD user a member of but I can't see an appropriate group (there are several SQL groups but not one that works, I get error 17058)

If I run the SQL service using Local System account then it runs fine but how secure is this?

Help appreciated.
ITSMEPJBAsked:
Who is Participating?
 
x-menConnect With a Mentor IT super heroCommented:
did you follow the link? there are more permissions to set either than "logon as service", have you checked NTFS permissions for example.

bototm line is: check EVERYTHING thats in
http://msdn.microsoft.com/en-us/library/ms143504.aspx#Review_NT_rights 
0
 
x-menIT super heroCommented:
BOL has the list with the permission needed to run MSSQLSERVER. Just search for something like "Setting Up Windows Service Accounts "
0
 
x-menIT super heroCommented:
0
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

 
ITSMEPJBAuthor Commented:
OK, good info. Thanks.

The service that I want to start is the "SQL Server (MSSQL)" and I have an AD user account to use, where do I define this user the rights? Do I use the "local users and groups" mmc snap in to make the AD user a member of one of the sql groups shown there or is it something I have to define in the SQL server manager console?
0
 
x-menIT super heroCommented:
local security policy
0
 
x-menIT super heroCommented:
administrative tools > Local security Policy

or

c:\windows\system32\gpedit.msc

or through GPO (in case of domain policy)
0
 
ITSMEPJBAuthor Commented:
The only user rights that I can see as appropriate under local security policy is "Allow logon as a service" what particular right do i need to assign for it to run the service?
0
 
x-menIT super heroCommented:
you add the user to the list.

for each policy, there is a "tab" explaining it.
0
 
ITSMEPJBAuthor Commented:
I've added a user to AD, looking through the local security policy of the server running the sql database I have added this user to the logon as service but the MSSQL service will not accept this user to start the service.?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.