 Can't run SQL Agent as non-admin.

nwalter
Starting Member

39 Posts

Posted - 2007-03-21 : 16:08:14
I have a SQL 2005 server and I am trying to run the SQL Agent service under a minimal permission account. Currently the service will run fine and perform all functions if its account is a member of the administrators group on the local machine. As soon as I remove it from the local administrators group it fails to start and the only message recorded in the log for the agent is:
[241] Startup error: Unable to initialize error reporting system (reason: The EventLog service has not been started)
[098] SQLServerAgent terminated (normally)

And given the service works fine as an administrator I doubt there is anything wrong with the eventlog service. I have also checked and the eventlog service is indeed running, recording, and operating properly. I am at a loss as to what to do next. I've followed the directions available on MSDN for doing this but it still doesn't work.

tkizer
Almighty SQL Goddess

38200 Posts

Posted - 2007-03-21 : 16:30:01
Why do you want the agent service to not be local admin? We use a domain account that has local admin privileges for both the engine service and the agent service.

Tara Kizer
http://weblogs.sqlteam.com/tarad/

MohammedU
Posting Yak Master

145 Posts

Posted - 2007-03-22 : 01:28:33
Check BOL topic "Service Account Types Supported for SQL Server Agent" info...


MohammedU

nwalter
Starting Member

39 Posts

Posted - 2007-03-22 : 03:11:28
I've been through that document as long as this one, http://msdn2.microsoft.com/en-us/library/ms143504.aspx . Which explains in full detail how to do this, however it apparently works.

As for why, our general practices and policies dictate that we run all service accounts under minimalistic permissions. And the second reason is we have one server that needs to have cmdexec enabled and I'd like to lock down the agent account which commands will be run under to only exactly what it needs. And since this is a supported configuration it's starting to bug me that it doesn't work based on the documentation provided.