asked
What is the best practice for SQL Server service(MSSQLServer, SQLServerAgent) in domain environment
Hi , What is the best practice for SQL Server service(MSSQLServer, SQLServerAgent) in domain environment to run under 1- Virtual Account [NT Service\Servicesname] 2- [Domain User account] and also for this user what is the best privilege it should have :- - Just be member of Domain Users Group ***or*** other group on domain Server. - do we need to put this [Domain User account] member of Administrator group on server that host SQL Server Best. SQL Server 2012 & Windows server 2012
domain accounts are the best practice, if your AD catalog supports MSAs then these are viable although not recommended for clustered environments. At the end of the day, domain user accounts provide security and network access for the service it is running under.
To facilitate the smooth registration and deregistration of SPNs you may want to grant the following permissions in active directory. readserviceprincipalname writeserviceprincipalname But apart from that, None, the sql server installer takes care of granting required permissions to the account
the service account does not need to be a member of the local administrators group on the server, the permissions required on the account such as "logon as service" are granted by the sql server installer. All users inherit the Domain users group ;-)
19 People are following this question.
