Specific OS permissions for SQL Service User


  • Monday, December 12, 2011 10:59 PM
     
     

    Using Win2008R2 SP1 and SQL Server 2008 R2 SP1 (Express)

     

    In http://msdn.microsoft.com/en-us/library/ms143504.aspx regarding permissions and rights for the service users, it states setup adds the following for the SQL Server user group:

    Log on as a service (SeServiceLogonRight)
    Replace a process-level token (SeAssignPrimaryTokenPrivilege)
    Bypass traverse checking (SeChangeNotifyPrivilege)
    Adjust memory quotas for a process (SeIncreaseQuotaPrivilege)
    Permission to start SQL Server Active Directory Helper
    Permission to start SQL Writer
    Permission to read the Event Log service
    Permission to read the Remote Procedure Call service

    With the important note - "For SQL Server instances on Windows Vista and higher, Log on as a service, Replace a process-level token, Bypass traverse checking, and Adjust memory quotas for a process user rights are granted to the SQL Server service SID."

    But what I see post setup does not match that fully.

    For Log on as a service - it added the service SID AND the username set during install to run SQL Server (specific user account).

    Does that make any sense? Shouldn't it just be the service SID (it is for all others listed)?

    Will SQL Server blow up without these permissions?  The DoD Compliance rules for Windows do not allow these accounts these permissions.

     

     

    • Moved by Peja Tao (Moderator), Tuesday, December 13, 2011 7:04 AM (From: SQL Server Setup & Upgrade)
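
The comparison the question describes (which principals hold each of the four user rights, and whether each one is a service SID or an ordinary account) can be read from a `secedit` user-rights export. This is an added example, not part of the original post; the sample export text, its SIDs and the account name `sqlsvc` are constructed, and `Get-SqlRightHolders` is a hypothetical helper name.

```powershell
# User rights that the post lists as granted by SQL Server setup.
$SqlRights = 'SeServiceLogonRight', 'SeAssignPrimaryTokenPrivilege',
             'SeChangeNotifyPrivilege', 'SeIncreaseQuotaPrivilege'

# Constructed sample of the [Privilege Rights] section of a secedit export.
# The S-1-5-80-... SID and the account name "sqlsvc" are made up.
$SampleInf = @'
[Privilege Rights]
SeServiceLogonRight = *S-1-5-80-1111111111-2222222222-3333333333-4444444444-555555555,sqlsvc
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-80-1111111111-2222222222-3333333333-4444444444-555555555
SeChangeNotifyPrivilege = *S-1-1-0,*S-1-5-32-544,*S-1-5-80-1111111111-2222222222-3333333333-4444444444-555555555
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-80-1111111111-2222222222-3333333333-4444444444-555555555
SeBackupPrivilege = *S-1-5-32-544
'@

function Get-SqlRightHolders {
    param([string[]]$InfLines, [string[]]$Rights)
    foreach ($line in $InfLines) {
        # Entries look like "RightName = holder,holder"; SIDs carry a leading '*'.
        if ($line -notmatch '^\s*(\w+)\s*=\s*(.*)$') { continue }
        $right = $Matches[1]
        $holders = $Matches[2] -split ','
        if ($Rights -notcontains $right) { continue }
        foreach ($holder in $holders) {
            $name = $holder.Trim()
            if (-not $name) { continue }
            # Per-service SIDs (NT SERVICE\<name>) all sit under S-1-5-80.
            $kind = if ($name -match '^\*S-1-5-80-') { 'service SID' } else { 'account or group' }
            New-Object PSObject -Property @{ Right = $right; Holder = $name; Kind = $kind }
        }
    }
}

# For a live server, export from an elevated prompt and pass the file instead:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   Get-SqlRightHolders -InfLines (Get-Content "$env:TEMP\rights.inf") -Rights $SqlRights
Get-SqlRightHolders -InfLines ($SampleInf -split "`r?`n") -Rights $SqlRights |
    Select-Object Right, Holder, Kind | Format-Table -AutoSize
```

With the constructed sample, `SeServiceLogonRight` is the only one of the four rights that lists a named account next to the service SID, which is the pattern the post reports.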

All Replies

  • Tuesday, December 13, 2011 7:03 AM
    Moderator
     
     

    Hi skapinos,

    This is more like a SQL Server account question rather than setup/upgrade. I will move your post to the SQL Server security forum for better support.


    Best Regards,
    Peja
