Database Engine Configuration - Account Provisioning
Use this page to set the SQL Server security mode, and to add Windows users or groups as administrators of the SQL Server Database Engine.
On previous versions of SQL Server, the BUILTIN\Administrators group was provisioned as a login in the Database Engine and members of the local Administrators group could login using their Administrator credentials. Using elevated permissions is not a best practice. In SQL Server 2016 the BUILTIN\Administrators group is not provisioned as a login. As a result, you should create a SQL Server login for each administrative user, and add that login to the sysadmin fixed server role during installation of a new instance of SQL Server 2016. You should also do this for Windows accounts that are used to run SQL Server agent jobs. These include replication agent jobs.
Security Mode - Select Windows Authentication or Mixed Mode Authentication for your installation.
Windows Principal Provisioning - In previous versions of SQL Server, the Windows Builtin\Administrator local group was placed into the SQL Server sysadmin server role, effectively granting Windows administrators access to the instance of SQL Server. In SQL Server 2016, the Builtin\Administrator group is not provisioned in the sysadmin server role. Instead, you should explicitly provision SQL Server administrators for new installations during Setup.
You must explicitly provision SQL Server administrators for new installations during Setup. Setup will not allow you to continue until you complete this step.
Specify SQL Server Administrators - You must specify at least one Windows principal for the instance of SQL Server. To add the account under which SQL Server Setup is running, click the Current User button. To add or remove accounts from the list of system administrators, click Add or Remove, and then edit the list of users, groups, or computers that will have administrator privileges for the instance of SQL Server.
When you are finished editing the list, click OK, then verify the list of administrators in the configuration dialog. When the list is complete, click Next.
If you select Mixed Mode Authentication, you must provide logon credentials for the builtin SQL Server system administrator (SA) account.
Do not use a blank password. Use a strong password.
For more information about choosing Windows Authentication vs. SQL Server Authentication, see the topic Choose an Authentication Mode in SQL Server Books Online.
For more information about choosing an account to run the SQL Server Database Engine, see the topic Configure Windows Service Accounts and Permissions in SQL Server Books Online.