Tuesday, November 1, 2011

SQL Server Service Accounts

| Service account for | Files and folders | Access |
| --- | --- | --- |
| MSSQLServer | Instid\MSSQL\backup; D:\backups | Full control |
| | Instid\MSSQL\binn | Read, Execute |
| | Instid\MSSQL\data + G:\MSSQL10.MSSQLSERVER\MSSQL\DATA + index folders; H:\MSSQL10.MSSQLSERVER\MSSQL\LOG\ (include Tempdb directory) | Full control |
| | Instid\MSSQL\FTData | Full control |
| | Instid\MSSQL\Install | Read, Execute |
| | Instid\MSSQL\Log | Full control |
| | Instid\MSSQL\Repldata | Full control |
| | 100\shared | Read, Execute |
| SQLServerAgent | Instid\MSSQL\binn | Full control |
| | Instid\MSSQL\Log | Read, Write, Delete, Execute |
| | 100\com | Read, Execute |
| | 100\shared | Read, Execute |
| | 100\shared\Errordumps | Read, Write |
| | ServerName\EventLog | Full control |
| FTS | Instid\MSSQL\FTData | Full control |
| | Instid\MSSQL\FTRef | Read, Execute |
| | 100\shared | Read, Execute |
| | 100\shared\Errordumps | Read, Write |
| | Instid\MSSQL\Install | Read, Execute |
| | Instid\MSSQL\jobs | Read, Write |
| SQLServerReportServerUser | Instid\Reporting Services\Log Files | Read, Write, Delete |
| | Instid\Reporting Services\ReportServer | Read, Execute |
| | Instid\Reportingservices\Reportserver\global.asax | Full control |
| | Instid\Reportingservices\Reportserver\Reportserver.config | Read |
| | Instid\Reporting Services\reportManager | Read, Execute |
| | Instid\Reporting Services\RSTempfiles | Read, Write, Execute, Delete |
| | 100\shared | Read, Execute |
| | 100\shared\Errordumps | Read, Write |
| SQL Server Browser | 100\shared\ASConfig | Read |
| | 100\shared | Read, Execute |
| | 100\shared\Errordumps | Read, Write |
| SQLWriter | N/A (Runs as local system) | |
| User | Instid\MSSQL\binn | Read, Execute |
| | Instid\Reporting Services\ReportServer | Read, Execute, List Folder Contents |
| | Instid\Reportingservices\Reportserver\global.asax | Read |
| | Instid\Reporting Services\ReportManager | Read, Execute |
| | Instid\Reporting Services\ReportManager\pages | Read |
| | Instid\Reporting Services\ReportManager\Styles | Read |
| | 100\tools | Read, Execute |
| | 90\tools | Read, Execute |
| | 80\tools | Read, Execute |
| | 100\sdk | Read |
| | Microsoft SQL Server\100\Setup Bootstrap | Read, Execute |
| | +any physical folders the application access | |

 

 

** this needs the service restart

1. Use a separate least-privilege domain account for each service. Create one for each of the following services:

a. SQL Server

b. SQL Server Agent

c. Reporting Services

2. To change the service accounts, password, service startup type, or other properties of any SQL Server–related service, use SQL Server Configuration Manager. For reporting services, use the Reporting Services Configuration Tool.

 

** The SQL Server service account must be granted the Windows permission "Perform volume maintenance tasks".
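One way to check an existing server against the MSSQLServer rows of the table above, as an added example that is not part of the original post. The install paths and the account name are assumptions to replace with your own, and only ACEs that name the account directly are compared (rights granted through groups are not resolved).

```powershell
# Added example: audits explicit Allow ACEs for one account against the MSSQLServer rows.
param(
    # Assumed values; replace with your instance directory, shared directory and account.
    [string]$InstanceRoot = 'C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER',
    [string]$SharedRoot   = 'C:\Program Files\Microsoft SQL Server\100',
    [string]$Account      = 'EXAMPLE\svc-sqlengine'
)

$FsRights = [System.Security.AccessControl.FileSystemRights]

# Folder -> access, copied from the MSSQLServer rows of the table.
$expected = [ordered]@{
    "$InstanceRoot\MSSQL\backup"   = 'FullControl'
    "$InstanceRoot\MSSQL\binn"     = 'ReadAndExecute'
    "$InstanceRoot\MSSQL\data"     = 'FullControl'
    "$InstanceRoot\MSSQL\FTData"   = 'FullControl'
    "$InstanceRoot\MSSQL\Install"  = 'ReadAndExecute'
    "$InstanceRoot\MSSQL\Log"      = 'FullControl'
    "$InstanceRoot\MSSQL\Repldata" = 'FullControl'
    "$SharedRoot\shared"           = 'ReadAndExecute'
}

# Windows adds Synchronize to most ACEs; ignore it so "Read, Execute" does not look excessive.
$sync = [int]$FsRights::Synchronize

foreach ($path in $expected.Keys) {
    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Path = $path; Status = 'path not found'; Excess = $null; Missing = $null }
        continue
    }
    $want = [int][Enum]::Parse($FsRights, $expected[$path])

    # OR together every Allow ACE that names the account directly (group grants are not resolved).
    $have = 0
    $aces = (Get-Acl -LiteralPath $path).Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and $_.AccessControlType -eq 'Allow'
    }
    foreach ($ace in $aces) { $have = $have -bor [int]$ace.FileSystemRights }

    $excess  = $have -band (-bnot $want) -band (-bnot $sync)
    $missing = $want -band (-bnot $have) -band (-bnot $sync)
    $status  = if ($excess) { 'more than listed' } elseif ($missing) { 'less than listed' } else { 'matches' }

    [pscustomobject]@{
        Path    = $path
        Status  = $status
        Excess  = [Enum]::ToObject($FsRights, $excess)
        Missing = [Enum]::ToObject($FsRights, $missing)
    }
}
```

Rows reported as "more than listed" are the ones to review first, since they show the service account holding rights beyond what the table calls for.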
