When running on Microsoft® Windows NT®, Microsoft SQL Server™ and SQL Server Agent are started and run as Windows NT services named MSSQLServer and SQLServerAgent. For these services to run, they must be assigned a Windows NT user account. Both services may be assigned the same user account.
Note Microsoft Windows® 95/98 does not support Windows NT services; instead, SQL Server simulates the MSSQLServer and SQLServerAgent services. You do not need to create user accounts for these simulated services.
Three types of accounts can be assigned to SQL Server services:
The local system and local user accounts do not have network access rights. Using a local account restricts SQL Server from interacting with other servers. Some server-to-server activities can be performed only with a domain user account. For example:
This restriction applies if you are using Microsoft Exchange. Most other mail systems also require clients (MSSQLServer and SQLServerAgent) to be run on accounts with network access.
Note Another service, Microsoft Search, is installed with the full-text search custom installation option. Microsoft Search service is always assigned the local system account.
All domain user accounts must have permission to:
In addition, these permissions are required for certain functionality to work.
Service | Permission | Functionality |
---|---|---|
MSSQLServer | Network write privileges | Write to a mail slot using xp_sendmail |
MSSQLServer | Act as part of operating system and replace process level token | Run xp_cmdshell for a user other than a SQL Server administrator |
SQLServerAgent | Member of the Administrators local group | Create CmdExec and ActiveScript jobs belonging to someone other than a SQL Server administrator |
SQLServerAgent | Member of the Administrators local group | Use the autorestart feature |
SQLServerAgent | Member of the Administrators local group | Use run-when-idle jobs |
It is recommended that you use a domain user account that is a member of the Administrators local group.
Note Several servers running SQL Server can share the same user account. When setting up replication, it is recommended that a Publisher and all its Subscribers share the same account.
After you have installed SQL Server, you can change the user account assigned to any of the SQL Server services by using the Services application in Control Panel. You can also change the MSSQLServer and SQLServerAgent services through SQL Server Enterprise Manager. Each service must be changed individually. The new user account will take effect the next time each service is started.
Important If full-text search is installed on the computer, do not change the MSSQLServer account information in the Services application in the Control Panel. While the Microsoft Search service is always assigned to the local system account, it keeps track of the MSSQLServer service account. You must change the MSSQLServer service account in SQL Server Enterprise Manager for the Microsoft Search service to stay in sync.
For information about creating Windows NT user accounts, granting advanced user rights, setting password expiration, and managing group memberships, see your Windows NT documentation or User Manager for Domains Help.
To set up a SQL Server service to log on under a different user account