question

IJ5569 avatar image
IJ5569 asked

SQL Server service virtual accounts and directories permissions

SQL Server service accounts are virtual accounts as MSSQL$InstanceName.

When a SQL Server instance uses a directory to write data it is necessary that the virtual account has permissions to write in the directory.

Nevertheless, I have a server in which an instance is using a directory without, apparently, having the required permissions on it.

There are two groups with full permissions: Administrators and System. But the virtual account doesn't appear in the list.

How is it possible that the virtual service account writes in the directory? Is a virtual account able to write in any directory in the server?


permissionsservice-account
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

·
anthony.green avatar image
anthony.green answered

You need to find “NT SERVICE\MSSQLSERVER” if using a default instance or “NT SERVICE\MSSQL$<instancename>” where <instancename> is the name of the named instance if you use those instead, then grant full permissions to that account.

2 comments
10 |1200
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

IJ5569 avatar image IJ5569 commented ·
The issue is precisely that, without granting any explicit permissions to the virtual account, the SQL Server named instance (it is, the virtual account associated to it) is able to create database files in some directories. In some manner, the virtual account seems to have administrator permissions or someting similar. That's what I am confused about.
0 Likes 0 ·
anthony.green avatar image anthony.green IJ5569 commented ·
Ah sorry, I understand the question better now.

Yes without explicit permissions to the directories it is creating the files in, I am unsure how it is doing it, unless for some reason it is operating as the system account when doing so.

0 Likes 0 ·

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.