April 2, 2008 at 9:03 am
hi guys, i need to create an account for my services in sql server like sql server agent, reporting services, etc. I know this account should be a domain account with network rights. so my question is, in active directory from my domain i should create this acccount with which permissions, should it be administrator?
April 2, 2008 at 9:44 am
I like the rule of only giving accounts the access rights they actually need. So, I never make a SQL service account a domain admin. I also tend to create different accounts for the SQL Service, the Agent service, etc.
So, this will all depend on what your server will need to access. Lots of SQL servers do not even need a domain account. Examine the features of SQL you will be using and set the account permissions accordingly.
April 2, 2008 at 10:01 am
thanks for your quick answer, i have many other servers some in my same domain some in others, so i need a domain account correct? this account should be created in active directory first? if i don't want to add them as administrator what permissions should it have to be able to access the network? and then add it to the SQLServer2005SQLAgentUser group in sql server?
sorry if i am asking you dumb questions... :blush:
April 2, 2008 at 10:10 am
What does your SQL Server need network access for? Why would all of your servers need to use the same account?
You probably want to use SQL Mail, that is a good reason to have a domain account you can access. Your SQL Agent may need to run something that interacts with the file system on a network share, or it may need to run an SSIS package stores on another SQL Server.
Figure out these requirements. Determine what each SQL server instance is going to be doing. That is what will determine what permissions you need.
If you are building an application from the ground up, start with leaving the server running under the local system account and change this to a domain account as you come across something you need.
April 2, 2008 at 11:28 am
I need to be able to create ssis packages stores on another server, or interact with the file system on a network share. I have Database Mail not sql mail. If i create a domain account in my dns active directory to run sql server agent, does it have to have any special permissions to be able to do this?
April 2, 2008 at 12:12 pm
No, it can be a basic account with access granted to the SSIS server, the file share, and give it an email account.
Ask your network administrator what permissions would be needed to accomplish these individual tasks.
April 2, 2008 at 12:19 pm
thank you!! 🙂
Viewing 7 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply