SQL service accounts and vulnerabilities
Posted on 2014-11-13
One of the checks microsofts baseline security analyser does is:
SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts should not be members of the local Administrators group or run as LocalSystem.
The explanation it gives though is a bit weak on how much of a risk it is if SQL related service accounts are run as system or members of local admin groups.
My question is will the SQL software run fine if these service accounts are run under the context of lesser privelege accounts, and what is the risk in having these serivce accounts run as localsystem or a member of local admins?