Microsoft® SQL Server™ must create and access files to store databases, database backups, error logs, and so on. The SQL Server process must run in the context of a security account that has the necessary permissions to create and access these files, whether these files exist on the local computer or a network drive on a remote computer. The security account SQL Server uses depends on the method used to start SQL Server. If SQL Server is started:
The security account used by SQL Server requires full access permissions to the file system to create, read, write, delete, and execute files. For example, using the Windows NTFS file system, the security account used by SQL Server requires authority to create files with NTFS Full Control permission.
To prevent unauthorized access to the files used by SQL Server, you can adjust the permissions on the files directly to allow only the security account used by SQL Server access to the files.
Note If SQL Server uses the Windows NT LocalSystem built-in security account, file permissions must be granted to the SYSTEM account of the local computer running SQL Server.
It is recommended that write permissions for users who are not SQL Server system administrators be removed from the KEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer key in the Windows NT registry.
For more information about adjusting permissions on files and the Windows NT registry, see your Windows NT documentation.
| Creating SQL Server Services User Accounts | Starting SQL Server |