| Author |
Messages |
|
Umil (guest)
 |
| 01/21/2008 5:42 PM |
 Quote
 Reply
 Alert
|
Hi,
I have setup a SQL 2000 instalation and selected a local low privileged account to run the MSSQL service. I read that the recommendation would be to have a separate account to run the SQL Agent service, however I should add it to the local administrator group?
Is this correct? If yes, why would I do this? It would defeat the purpose of a low privileged account. Any workaround for this?
Thanks |
|
|
|
|
Chip Andrews
Posts:113
|
| 01/22/2008 5:58 PM |
Quote
Reply
Alert
|
You should not run as administrator under any circumstances. While it is possible that certain functions may not work (multi-server administration) it is a better trade-off to go with minimal privileges.
http://msdn2.microsoft.com/en-us/library/ms345380.aspx
(SQL 2005 doc but most limitations still apply to SQL 2000) |
|
|
|
|
mulhall (guest)
|
| 01/23/2008 6:39 AM |
Quote
Reply
Alert
|
For run-of-the-mill instances of SQL I wouldn't be that worried about using the same account for the Agent and the Server service.
If you are going to have seperate accounts, you just need to apply the same principle as before, grant permissions on a least-privilege basis; so your looking for access to the relevant portions of the registry, file system and any netowrk shares you might be pulling/pushing data from/to - log shipping is a good example for that.
|
|
|
|
|
|