July 13, 2010 at 3:36 am
Hi all
In 2005, when you installed using domain accounts for the SQL Server service and Agent service, the groups were created in the local users and groups with those accounts, and the groups were added to SQL logins and permissions managed there, correct?
In 2008 the groups are created in local users and groups; however, the domain accounts are not in those groups, nor are the groups or accounts added to SQL logins. Instead I have an NT Service\MSSQLSERVER and NT Service\SQLSERVERAGENT added to the local groups, and also those accounts added directly to SQL logins as Sysadmins.
My question is why is my instance working when the domain accounts for the services are not present anywhere in SQL Server, and also what are the NT Service accounts for? Should I add the domain accounts to the correct groups and remove the NT accounts?
July 12, 2011 at 3:34 am
Hello,
I have been looking for an answer to this as well. In direct relation to your query, I am wondering whether to add the SQLServerAgentUser$MachineName$InstanceName group as a login and add it to the Sysadmin fixed server role, or as you say, leave it as it is.
Regards,
D.
March 6, 2012 at 10:35 am
I had been looking for an answer to these questions and below is a link to a decent answer.
March 6, 2012 at 12:58 pm
To summarise from the link that dskinner provided:
The two accounts NT Service\MSSQLSERVER and SQLSERVERAGENT act as a sort of proxy.
It allows you to change the service account as and when you need to via Configuration Manager without having to worry about setting the right permissions in SQL beforehand.
It's basically doing a lookup to services.msc for the MSSQLSERVER service and granting the account running that service access to SQL.
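A way to check which service-related logins exist on an instance and which of them hold sysadmin, added here as an example and not part of the original thread. It assumes only the `sys.server_principals` and `sys.server_role_members` catalog views; the name patterns are assumptions based on the account and group names mentioned in the posts above.

```sql
-- Added example: list the Windows logins tied to the SQL Server services
-- (NT Service\... accounts and the setup-created SQLServer...User$ groups)
-- and show whether each one is a member of the sysadmin fixed server role.
SELECT
    sp.name        AS login_name,
    sp.type_desc   AS login_type,        -- WINDOWS_LOGIN or WINDOWS_GROUP
    sp.is_disabled,
    sp.create_date,
    CASE WHEN EXISTS (
             SELECT 1
             FROM sys.server_role_members AS rm
             JOIN sys.server_principals   AS r
               ON r.principal_id = rm.role_principal_id
             WHERE rm.member_principal_id = sp.principal_id
               AND r.name = N'sysadmin')
         THEN 1 ELSE 0
    END            AS is_sysadmin
FROM sys.server_principals AS sp
WHERE sp.type IN ('U', 'G')              -- Windows login / Windows group
  AND (
        -- UPPER() keeps the match working on case-sensitive server collations
        UPPER(sp.name) LIKE N'NT SERVICE\%'           -- per-service accounts
     OR UPPER(sp.name) LIKE N'%SQLSERVER%USER$%'      -- local groups created by setup
      )
ORDER BY is_sysadmin DESC, sp.name;
```

If the domain service account does not appear as a login of its own, that matches what the first post describes: access comes through the NT Service logins rather than through the domain account directly.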