Database Reference
In-Depth Information
Each service in SQL Server must have an account configured during the installation. The
various account types are:
F
Built-in system account
F
Local user accounts
F
Domain user accounts
Each of these account types has various privileges on the local server and network execution
services. The built-in system accounts are the local service account, the network service
account, and the local system account.
The domain user account is a local server account that has privileges
on a domain network. As a best practice, if the service must interact
with network services such as file share or be used as linked server
connections to other servers running SQL Server, you might use a
minimally-privileged domain account to safeguard the system against
any individual services or processes which are compromised.
How to do it...
To reduce the interruption on administrative tasks, it is essential to define an indispensible
privilege to the account for instance-aware services.
As an administrative best practice, wherever possible, use a Local
Server account for a new SQL Server installation. From a security
perspective
do
not
install
SQL Server on a domain controller.
If the server is a new installation or no local account is available, then it is recommended to
create a local user or domain user account to start SQL Server services.
1. Ensure that the password suffices the enterprise security policies and is a
strong password.
2.
As seen in the following screenshot, create the local user account without Windows
Administrator privileges:
Search WWH ::
Custom Search