Permissions required for an SQL Server account

We are attempting to get SQL running under a domain name account, nonetheless we are not exactly sure what approvals will certainly be needed for the solution to start.

Currently it is simply a typical customer in the active directory domain name (which will not allow the solution start), I think this customer account will certainly require approvals to the Program FilesbkslshMicrosoft SQL Server directory site.

Yet does it need approvals to accessibility anything else?



2022-06-07 14:34:10
Source Share
Answers: 2

For SQL 2005 and also 2008 the KB write-up priced estimate by JR is out-of-date and also fairly insufficient. Given that SQL 2005 the arrangement develops neighborhood customer teams and also gives all required advantages to run each solution to the corresponding neighborhood group. As an example the SQL Server solution account requires to be included in the SQLServer2005MSSQLUser$ComputerName$MSSQLSERVER customer group (default instance) or SQLServer2005MSSQLUser$ComputerName$InstanceName customer group (called instance). The customer teams have actually all the required priviledges (SeServiceLogonRight, SeBatchLogonRight, SeAssignPrimaryTokenPrivilege etc etc) and also all the necessary accessibility civil liberties on the computer system registry keys and also documents and also folders made use of by the corresponding solution. The ones 'missing out on' are the SeManageVolumePrivilege as Nick currently mentioned and also the SeLockMemoryPrivilege ("lock web pages in memory"): these need be provided clearly as are ruled out required.

So in SQL 2005/2008 instance the remedy is not to grant accessibility to the folders and also hives priced estimate in the KB, yet rather add the wanted domain name customer to the neighborhood customer group SQLServer2005MSSQLUser$ComputerName$MSSQLSERVER (or the called instance matching).

You can read all the information at Setting Up Windows Service Accounts in BOL.

2022-06-07 16:01:53
2022-06-07 14:57:38