Monday, December 12, 2011 10:59 PM
Using Win2008R2 SP1 and SQL Server 2008 R2 SP1 (Express)
In http://msdn.microsoft.com/en-us/library/ms143504.aspx regarding permissions and rights for the service users, it states setup adds the following for the SQL Server user group
Log on as a service (SeServiceLogonRight)1
Replace a process-level token (SeAssignPrimaryTokenPrivilege)
Bypass traverse checking (SeChangeNotifyPrivilege)
Adjust memory quotas for a process (SeIncreaseQuotaPrivilege)
Permission to start SQL Server Active Directory Helper
Permission to start SQL Writer
Permission to read the Event Log service
Permission to read the Remote Procedure Call service
With the important note - "For SQL Server instances on Windows Vista and higher, Log on as a service, Replace a process-level token, Bypass traverse checking, and Adjust memory quotas for a process user rights are granted to the SQL Server service SID."
But what I see post setup does not match that fully
For Log on as Service - it aded the service SID AND the username set during install to run sql server (specific user account)
Does that make any sense, shouldn't it just be the service SID (it is for all others listed).
Will SQL Server blow up without these permissions? The DoD Compliance rules for Windows do not allow these accounts these permissions.
- Moved by Peja TaoModerator Tuesday, December 13, 2011 7:04 AM (From:SQL Server Setup & Upgrade)
Tuesday, December 13, 2011 7:03 AMModerator
This is more like a SQL Server Account question other than setup/upgrade. I will move your post to SQL Server security forum for better support.
Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.