Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
Author |
Topic |
aval
Starting Member
3 Posts |
Posted - 2009-07-21 : 13:24:57
|
MBSA informs me that:"SQL Server [and] SQL Server Agent [...] service accounts should not be members of the local administrators group."I created an account for SQL at the time it was installed on this server, following the directions in "SQL Server 2000 DBA" by Tony Bain et al.- It is a domain account.- It is a member of the local admin group on the SQL server.It is because on page 35 of the text cited above, I read that the account must have the following privileges:- Member of the local Administrators group of the server on which you're installing SQL.- Logon as service privilege.- Act as part of the OS privilege.- Replace a process level token privilege.Yet, MBSA says it should not be member of the Local Admins group?This link is for SQL 2005http://msdn.microsoft.com/en-us/library/ms191543(SQL.90).aspxIt leads me to believe that with the permissions mentioned, I could remove the service account from the local admins group?But does it apply to SQL 2000?How do you deal with this? |
|
|
|
|