Solved

Running SQL server with a domain account

Posted on 2010-11-30
9
187 Views
Last Modified: 2012-05-10
I've been running MSSQL2005 on a 2003 server with the main SQL service using the main Domain administrator acount and password.

Not the best practice so I've created a new AD user account for this purpose, however how do I then assign the appropriate permissions to this new account for the service to run?

I assumed there would be a local user group on the server that is running sql that I would make the new AD user a member of but I can't see an appropriate group (there are several SQL groups but not one that works, I get error 17058)

If I run the SQL service using Local System account then it runs fine but how secure is this?

Help appreciated.
0
Comment
Question by:ITSMEPJB
  • 6
  • 3
9 Comments
 
LVL 18

Expert Comment

by:x-men
Comment Utility
BOL has the list with the permission needed to run MSSQLSERVER. Just search for something like "Setting Up Windows Service Accounts "
0
 
LVL 18

Expert Comment

by:x-men
Comment Utility
0
 

Author Comment

by:ITSMEPJB
Comment Utility
OK, good info. Thanks.

The service that I want to start is the "SQL Server (MSSQL)" and I have an AD user account to use, where do I define this user the rights? Do I use the "local users and groups" mmc snap in to make the AD user a member of one of the sql groups shown there or is it something I have to define in the SQL server manager console?
0
 
LVL 18

Expert Comment

by:x-men
Comment Utility
local security policy
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 18

Expert Comment

by:x-men
Comment Utility
administrative tools > Local security Policy

or

c:\windows\system32\gpedit.msc

or through GPO (in case of domain policy)
0
 

Author Comment

by:ITSMEPJB
Comment Utility
The only user rights that I can see as appropriate under local security policy is "Allow logon as a service" what particular right do i need to assign for it to run the service?
0
 
LVL 18

Expert Comment

by:x-men
Comment Utility
you add the user to the list.

for each policy, there is a "tab" explaining it.
0
 

Author Comment

by:ITSMEPJB
Comment Utility
I've added a user to AD, looking through the local security policy of the server running the sql database I have added this user to the logon as service but the MSSQL service will not accept this user to start the service.?
0
 
LVL 18

Accepted Solution

by:
x-men earned 500 total points
Comment Utility
did you follow the link? there are more permissions to set either than "logon as service", have you checked NTFS permissions for example.

bototm line is: check EVERYTHING thats in
http://msdn.microsoft.com/en-us/library/ms143504.aspx#Review_NT_rights
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

by Mark Wills Attending one of Rob Farley's seminars the other day, I heard the phrase "The Accidental DBA" and fell in love with it. It got me thinking about the plight of the newcomer to SQL Server...  So if you are the accidental DBA, or, simp…
Introduction This article will provide a solution for an error that might occur installing a new SQL 2005 64-bit cluster. This article will assume that you are fully prepared to complete the installation and describes the error as it occurred durin…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now