SQL service not working when I use an account copied from the original account

We have a network account that we created as a copy of the account we use for the SQL network service on our SQL server.
We know this account works as a normal user, however when we set the SQL server machine to use this as the network account for the SQL service, SQL agent service etc it wont start.  However, if we then add the new account to the admin group (which the old one was not a member) we find that it does start the SQL services.

Any ideas?
LVL 1
wannabecraigAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Rainer JeschorCommented:
Hi,

I am not 100% sure, but it could be that if you used the old account during Installation, the Setup routine adds the user the necessary permissions (e.g. Log on as a Service, Replace Process Level token etc).
Please see here for SQL Server 2012:
https://msdn.microsoft.com/en-us/library/ms143504(v=sql.110).aspx#Windows

Which version of SQL Server? Which hosting OS?

You might find the users permission when you open the "Local Security Policy".

HTH
Rainer

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Marten RuneSQL Expert/Infrastructure ArchitectCommented:
Well well, there is NTFS permissions, run as batch, replace token and a whole bunch of things to set in order for it to work. And once SQL Server service it starts nobody is interested in locking security down, and you're left with a system that has more attack vectors than need be.

I have been there and have the T-shirt to prove it. But I also figured out how to fix the mess!

You HAVE to use SQL Server Configuration Manager (SSCM from now on), because of all those things happening in the background, do NOT use services.msc or any other means to change serviceaccount (i e powershell, WMI, etc etc).

Step 1
To make sure you have the apropiate rights for the account that will be used to give the target account the correct permission, use the local admin account.
Open SSCM, change both serviceaccounts (agent and SQL Service) to Local system. Apply, restart SQL,

Step 2 Now that the running account has it's rights, it can give the correct permissions to target account, i e change to correct NTFS, or ACL if you prefere that term, set security and Everything I numbered in the top of this posting.
Now create the account that's the target account for the services. Do not grant it any special permissions on the server. A AD account is prefered.

Step 3
in SSCM (may already be open), now change to your desired target account, fill in pwd and apply. All the magic rights are set in the background by the old service account (local system), and it has all the rights it needs to set things correctly for the new account.

Step 4
Restart the server, check application log, and in SSMS check the errorlog.

Step 5
Done, grant yourself a cup of coffe, and think of all the time you just saved, and how it feels to KNOW that youre server is correctly set up with least possible rights for the service account, making it a less usable target for evil people trying to hack in to your network, since the service account is the roof of rights they can gain if they should manage to compromise the SQL Server Service.

Regards Marten
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft SQL Server 2008

From novice to tech pro — start learning today.