Most entry level DBAs still have the confusion on what is a service account and which is the best to be used and when. This article will take you through that.
Depending on the selection that you made while installing SQL Server, you will have the services installed in your server.
SQL Server Database Services:
SQL Server Agent
Analysis Services
Reporting Services
Integration Services
SQL Server Browser
Full-text search
SQL Server Active Directory Helper
SQL Writer
You can configure you SQL Server related services either during the setup or after the installation using the SQL Server configuration Manager.
Types of startup accounts:
Local User Account: This user account is created in your server where SQL Server is installed, this account does not have access to network resources.
Local Service Account: This is a builtin windows account that is available for configuring services in windows. This account has permissions as same as accounts that are in the users group, thus it has limited access to the resources in the server. This account is not supported for SQL SERVER and AGENT services.
Local System Account: This is a builtin windows account that is available for configuring services in windows. This is a highly privileged account that has access to all resources in the server with administrator rights.
Network Service Account: This is a builtin windows account that is available for configuring services in windows. This has permissions to access resources in the network under the computer account.
Domain Account: This account is a part of your domain that has access to network resources for which it is intended to have permission for. It is always advised to run SQL Server and related services under a domain account with minimum privilege need to run SQL Server and its related services.
Where can you see the Local System, Local Service and Network Service accounts? These are windows in-built accounts that are part of the operating system and assigned to the users, you cannot use the account to login to the system, these accounts are meant to be used for securing and authentication mechanism.
Changing Service Accounts:
As mentioned above, SQL Server service accounts can be configured either during installation or using SQL Server configuration Manager. The first one is part of the installation and can be configured during the step Instance Configuration. I would walk you through changing a service account using SQL Server Configuration Manager.
1. Start -> Programs Microsoft SQL Server 2008 -> Configuration Tools -> SQL Configuration Manager
2. Highlight a service in the right pane, right click for properties.
You can change the built-in account here, else if you would like to change it to a Local User account or a domain user account, choose option This Account to Ungray it and enter the credentials of a local or a domain user account.
Remember that you will need to restart the SQL Server and related services for the new Service account to take effect.
Tip: If you have no domain accounts or running under multiple domains and Your SQL Server needs access to other resources in the network, you can create an user account with same username and password across all Servers and use that as service account in your servers.
Leave a Reply