Solved

Running SQL server with a domain account

Posted on 2010-11-30
9
191 Views
Last Modified: 2012-05-10
I've been running MSSQL2005 on a 2003 server with the main SQL service using the main Domain administrator acount and password.

Not the best practice so I've created a new AD user account for this purpose, however how do I then assign the appropriate permissions to this new account for the service to run?

I assumed there would be a local user group on the server that is running sql that I would make the new AD user a member of but I can't see an appropriate group (there are several SQL groups but not one that works, I get error 17058)

If I run the SQL service using Local System account then it runs fine but how secure is this?

Help appreciated.
0
Comment
Question by:ITSMEPJB
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 3
9 Comments
 
LVL 18

Expert Comment

by:x-men
ID: 34238118
BOL has the list with the permission needed to run MSSQLSERVER. Just search for something like "Setting Up Windows Service Accounts "
0
 
LVL 18

Expert Comment

by:x-men
ID: 34239464
0
 

Author Comment

by:ITSMEPJB
ID: 34258975
OK, good info. Thanks.

The service that I want to start is the "SQL Server (MSSQL)" and I have an AD user account to use, where do I define this user the rights? Do I use the "local users and groups" mmc snap in to make the AD user a member of one of the sql groups shown there or is it something I have to define in the SQL server manager console?
0
SharePoint Admin?

Enable Your Employees To Focus On The Core With Intuitive Onscreen Guidance That is With You At The Moment of Need.

 
LVL 18

Expert Comment

by:x-men
ID: 34259299
local security policy
0
 
LVL 18

Expert Comment

by:x-men
ID: 34259310
administrative tools > Local security Policy

or

c:\windows\system32\gpedit.msc

or through GPO (in case of domain policy)
0
 

Author Comment

by:ITSMEPJB
ID: 34259632
The only user rights that I can see as appropriate under local security policy is "Allow logon as a service" what particular right do i need to assign for it to run the service?
0
 
LVL 18

Expert Comment

by:x-men
ID: 34265436
you add the user to the list.

for each policy, there is a "tab" explaining it.
0
 

Author Comment

by:ITSMEPJB
ID: 34265591
I've added a user to AD, looking through the local security policy of the server running the sql database I have added this user to the logon as service but the MSSQL service will not accept this user to start the service.?
0
 
LVL 18

Accepted Solution

by:
x-men earned 500 total points
ID: 34266085
did you follow the link? there are more permissions to set either than "logon as service", have you checked NTFS permissions for example.

bototm line is: check EVERYTHING thats in
http://msdn.microsoft.com/en-us/library/ms143504.aspx#Review_NT_rights 
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, when I was asked to create a new SQL 2005 cluster, Microsoft released a new service pack for MS SQL 2005 what is Service Pack 3. When I finished the installation of MS SQL 2005 I found myself troubled why the installation of SP3 failed …
In this article we will get to know that how can we recover deleted data if it happens accidently. We really can recover deleted rows if we know the time when data is deleted by using the transaction log.
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question