best practice for SQL Agent account security

Tags: SQL Server
Hello... kind of a "newbie" question here, but appreciate the insight. In order to bring our systems in line with best practices, I'm changing a couple of SQL instances from running under LocalSystem to running under a specific account. Same goes for the SQL Agent. Note that these accounts are local Windows accounts, not AD accounts. I've made all the Books Online-recommended security settings but was wondering the following: Should the Agent/Server accounts be part of the Users group? In other words, are the permissions specified in Books Online ALL that's needed (and I can therefore remove them from the Users group)? Should the Agent/Server account be allowed to log on locally? Thanks for tips.
ASKED: May 28, 2004  1:12 PM
UPDATED: June 3, 2004  8:56 PM

Answer Wiki


You or your network admin should do the following:

1) Create a “common” SQL Service domain account (e.g., Domain1SQLService).
2) Make the account a member of the local Admin group on each server.
3) Load any SQL Server AND SQL Agent services through that account.

Such accounts can/should be allowed to log on locally.

However, you might want to remove the BUILTIN Administrators group from the sysadmin SS role (but only after first creating a login with sysadmin membership for a DBA group!).
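The ordering in that last step, as an added example that is not part of the original answer: a T-SQL script that creates the sysadmin logins first and drops `BUILTIN\Administrators` from sysadmin only after verifying them, so the instance is never left without an administrator. The names `DOMAIN1\SQLDBAs` and `DOMAIN1\SQLService` are hypothetical placeholders, and the script assumes the service account currently gets sysadmin only through its local Administrators membership, so it is given its own login as well. It uses the SQL Server 2000-era procedures that match this thread's date; current versions use `CREATE LOGIN` and `ALTER SERVER ROLE` instead.

```sql
-- Added example. Both account names below are hypothetical placeholders.
USE master;

DECLARE @dba_group sysname, @svc_account sysname;
SET @dba_group   = N'DOMAIN1\SQLDBAs';     -- assumption: Windows group for the DBA team
SET @svc_account = N'DOMAIN1\SQLService';  -- assumption: SQL Server / SQL Agent service account

-- 1. Create Windows logins for the DBA group and the service account if missing.
IF NOT EXISTS (SELECT 1 FROM master.dbo.syslogins WHERE loginname = @dba_group)
    EXEC sp_grantlogin @dba_group;
IF NOT EXISTS (SELECT 1 FROM master.dbo.syslogins WHERE loginname = @svc_account)
    EXEC sp_grantlogin @svc_account;

-- 2. Put both in the sysadmin fixed server role BEFORE touching BUILTIN\Administrators.
EXEC sp_addsrvrolemember @loginame = @dba_group,   @rolename = N'sysadmin';
EXEC sp_addsrvrolemember @loginame = @svc_account, @rolename = N'sysadmin';

-- 3. Drop BUILTIN\Administrators from sysadmin only if both replacements are
--    confirmed as sysadmin members with access to the server.
IF (SELECT COUNT(*)
      FROM master.dbo.syslogins
     WHERE loginname IN (@dba_group, @svc_account)
       AND sysadmin = 1
       AND hasaccess = 1) = 2
BEGIN
    IF EXISTS (SELECT 1 FROM master.dbo.syslogins
                WHERE loginname = N'BUILTIN\Administrators' AND sysadmin = 1)
        EXEC sp_dropsrvrolemember @loginame = N'BUILTIN\Administrators',
                                  @rolename = N'sysadmin';
END
ELSE
    RAISERROR('Replacement sysadmin logins not verified; BUILTIN\Administrators left unchanged.', 16, 1);

-- 4. Review who holds sysadmin now (isntgroup = 1 marks Windows groups).
SELECT loginname, isntgroup, sysadmin
  FROM master.dbo.syslogins
 WHERE sysadmin = 1
 ORDER BY loginname;
```

Run it while connected as an existing sysadmin, and confirm that a member of the DBA group can connect with Windows authentication before closing that session.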

Discuss This Question: 1  Reply

  • Hopkihc
    Fair enough. Thanks for the input! -John