Should SQL2008 server service account be a local admin of the server

Posted on 2011-10-26
Last Modified: 2012-05-12
Hello there,

Please advise if sql server service account should be a local admin of the server (w2k8 r2)?

Thanks and Regards
Question by:goprasad
    LVL 7

    Expert Comment

    It *can* be but it's not recommended as it provides extra access that really isn't needed, yet most companies I know use an admin account for it.  

    This link shows you what membership roles you need.

    Do note almost every security best practice paper will tell you to use a separate account for the sql agent service and one for the sql server service, but up to now, I haven't seen that used anywhere.  Security really is based on how sensitive the data is and your environment.

    Author Comment

    the sql server service account that we use for a particular application is also member of local administrator.
    I am thinking of removing it from local admin group, I wasn;t sure what impact it may have?
    LVL 7

    Accepted Solution

    Make sure you give it the minimum required rights stated in the linked above document, if it does not, SQL Server will not be able to perform it's tasks.  You'll get various errors and different sympthoms based on the rights you do give it.  For example, if SQL Server cannot write to the folder/file that the master or system DBs reside on, it'll stop operating.  If it can't write to the drives that the user database is on, that DB will act abnormally or stop working all together based on the usage scenario.  If the service account doesn't have rights to instant file init., DB growth operations will take a long time, etc. etc.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Free Trending Threat Insights Every Day

    Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

    In this article we will get to know that how can we recover deleted data if it happens accidently. We really can recover deleted rows if we know the time when data is deleted by using the transaction log.
    How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
    In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now