Export (0) Print
Expand All
5 out of 21 rated this helpful - Rate this topic

Service Account

SQL Server 2005

Updated: 5 December 2005

SQL Server Express users: click Service Account (SQL Server Express) for information that is specific to SQL Server Express Setup.

Use the Service Account page of the Microsoft SQL Server Installation Wizard to assign a login account to the SQL Server services. The actual services configured on this page depend on the features you have selected to install.

You can assign the same login account to all SQL Server services, or you can configure each service account individually. You can also specify whether services start automatically.

ms143691.security(en-US,SQL.90).gifSecurity Note:
Setting strong passwords is essential to the security of your system. Always use strong passwords.

Customize the logon for each service account

Select the Customize for each service account check box to customize settings for individual services.

This option assigns specific logon accounts to individual services. Click this check box to implement the principle of least privileges, where SQL Server services are granted the minimum permissions they need to complete their tasks. For more information, see Setting Up Windows Service Accounts.

If this check box is not selected, the same account and settings are used for all SQL Server services.

Select any of the following services to customize its settings.

Select this service To configure authentication settings for

SQL Server

The SQL Server Database Engine

SQL Server Agent

The service that executes jobs, monitors, SQL Server, and allows automation of administrative tasks.

Analysis Services

Analysis Services

Reporting Services

Reporting Services. Service accounts are used to configure a report server database connection. Choose a domain user account if you want to connect to a report server database on a remote SQL Server instance. If you are using a local report server database, you can use a domain user account or Local System to run the service.

SQL Server Browser

SQL Server Browser is the name resolution service that provides SQL Server connection information to client computers. This service is shared across multiple SQL Server and Integration Services instances.

Use the built-in System account

You can assign Local System, Network Service, or Local Service to the logon for the configurable SQL Server services.

The Local System option specifies a local system account that does not require a password to connect to SQL Server on the same computer. However, the local system account may restrict the SQL Server installation from interacting with other servers, depending on the privileges granted to the account.

ms143691.note(en-US,SQL.90).gifImportant:
Local System is a powerful account; it may not be appropriate for all Service settings. For more information, see Security Considerations for a SQL Server Installation.

The Network Service account is a special, built-in account that is similar to an authenticated user account. The Network Service account has the same level of access to resources and objects as members of the Users group. Services that run as the Network Service account access network resources using the credentials of the computer account.

ms143691.note(en-US,SQL.90).gifImportant:
We recommend that you do not use the Network Service account for the SQL Server or the SQL Server Agent services. Local User or Domain User accounts are more appropriate for these SQL Server services.

The Local Service account is a special, built-in account that is similar to an authenticated user account. The Local Service account has the same level of access to resources and objects as members of the Users group. This limited access helps safeguard your system if individual services or processes are compromised. Services that run as the Local Service account access network resources as a null session with no credentials.

For more information on service accounts, see Setting Up Windows Service Accounts.

Use a domain user account

Specifies a domain user account that uses Windows Authentication to set up and connect to SQL Server. Microsoft recommends using a domain user account with minimal rights for the SQL Server service, as the SQL Server service does not require administrator account privileges.

The SQL Server Agent account must have administrator privileges if you create CmdExec and ActiveScript jobs that belong to someone other than a SQL Server administrator, or if you use the AutoRestart feature. If the above features are requirements in your environment, consider using separate service accounts for the SQL Server and SQL Server Agent services.

For strong password guidelines, see Authentication Mode.

ms143691.note(en-US,SQL.90).gifNote:
The domain name cannot be a full DNS name. For example, if your DNS name is my-domain-name.com, use my-domain-name in the domain field. SQL Server Setup will not accept my-domain-name.com in the domain field.

Start services at the end of SQL Server Setup

Automatically starts the services when your operating system is started. For SQL Server 2005, the services Auto-start option will be selected by default for SQL Server, Analysis Services, and Reporting Services.

ms143691.note(en-US,SQL.90).gifNote:
The SQL Server Agent service depends on the SQL Server service. If you select the Auto-start check box for SQL Server Agent, Auto-start is automatically selected for the SQL Server service and it cannot be unchecked unless you uncheck the option for SQL Server Agent.

ms143691.note(en-US,SQL.90).gifImportant:
Off by Default - To enhance security in SQL Server 2005, some services and features are not activated by default. They have to be configured and enabled after Setup is complete. For more information, see SQL Server Surface Area Configuration and Security Considerations for a SQL Server Installation.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.