| Service account for | Files and folders | Access |
| MSSQLServer | Instid\MSSQL\backup D:\backups | Full control |
| Instid\MSSQL\binn | Read, Execute | |
| Instid\MSSQL\data + G:\MSSQL10.MSSQLSERVER\MSSQL\DATA + index folders H:\MSSQL10.MSSQLSERVER\MSSQL\LOG\ (include Tempdb directory) | Full control | |
| Instid\MSSQL\FTData | Full control | |
| Instid\MSSQL\Install | Read, Execute | |
| Instid\MSSQL\Log | Full control | |
| Instid\MSSQL\Repldata | Full control | |
| 100\shared | Read, Execute | |
| SQLServerAgent | Instid\MSSQL\binn | Full control |
| Instid\MSSQL\Log | Read, Write, Delete, Execute | |
| 100\com | Read, Execute | |
| 100\shared | Read, Execute | |
| 100\shared\Errordumps | Read, Write | |
| ServerName\EventLog | Full control | |
| FTS | Instid\MSSQL\FTData | Full control |
| Instid\MSSQL\FTRef | Read, Execute | |
| 100\shared | Read, Execute | |
| 100\shared\Errordumps | Read, Write | |
| Instid\MSSQL\Install | Read, Execute | |
| Instid\MSSQL\jobs | Read, Write | |
| SQLServerReportServerUser | Instid\Reporting Services\Log Files | Read, Write, Delete |
| Instid\Reporting Services\ReportServer | Read, Execute | |
| Instid\Reportingservices\Reportserver\global.asax | Full control | |
| Instid\Reportingservices\Reportserver\Reportserver.config | Read | |
| Instid\Reporting Services\reportManager | Read, Execute | |
| Instid\Reporting Services\RSTempfiles | Read, Write, Execute, Delete | |
| 100\shared | Read, Execute | |
| 100\shared\Errordumps | Read, Write | |
| SQL Server Browser | 100\shared\ASConfig | Read |
| 100\shared | Read, Execute | |
| 100\shared\Errordumps | Read, Write | |
| SQLWriter | N/A (Runs as local system) | |
| User | Instid\MSSQL\binn | Read, Execute |
| Instid\Reporting Services\ReportServer | Read, Execute, List Folder Contents | |
| Instid\Reportingservices\Reportserver\global.asax | Read | |
| Instid\Reporting Services\ReportManager | Read, Execute | |
| Instid\Reporting Services\ReportManager\pages | Read | |
| Instid\Reporting Services\ReportManager\Styles | Read | |
| 100\tools | Read, Execute | |
| 90\tools | Read, Execute | |
| 80\tools | Read, Execute | |
| 100\sdk | Read | |
| Microsoft SQL Server\100\Setup Bootstrap | Read, Execute | |
| +any physical folders the application access |
** this needs the service restart
1. Need separate domain accounts with least priority for each service. Create one each for the following services
a. SQL Server
b. SQL Server agent
c. Reporting services
2. To change the service accounts, password, service startup type, or other properties of any SQL Server–related service, use SQL Server Configuration Manager. For reporting services, use the Reporting Services Configuration Tool.
** must grant SQL Service Account account the windows permission "Perform Volume maintenance Tasks"
Post a Comment
Post a Comment