locked
SQL Server 2005 Service Accounts RRS feed

  • Question

  • I have been managing SQL Server by creating specific active directory acounts and groups.  As part of PCI and SOX, I am being asked what are the following accounts and are they really needed.  Does anyone know if I could remove these accounts?

    ServerName1\SQLServer2005MSFTEUser$ServerName1$MSSQLSERVER
    ServerName1\SQLServer2005MSSQLUser$ServerName1$MSSQLSERVER
    ServerName1\SQLServer2005SQLAgentUser$ServerName1$MSSQLSERVER
    Tuesday, December 8, 2009 5:31 PM

Answers

  • These accounts are created by default from the WINDOWS user groups. And these windows groups are created by SQL installation for each instance.

    Through these logins in SQL server , you can just add windows / domain login as a login in SQL server through group mapping.
    But if you want to delete them from SQL logins  , make sure all the users under this group at the OS level are explicitly added to SQL logins.

    For "SQLServer2005MSFTEUser$ComputerName$InstanceName", the description should be: "Members in the group have the required access and privileges to be assigned as the log on account for the associated instance of SQL Server FullText Search in SQL Server 2005".

    And for "SQLServer2005MSSQLUser$ComputerName$InstanceName", the description should be: "Members in the group have the required access and privileges to be assigned as the log on account for the associated instance of SQL Server in SQL Server 2005".

    samething with AGENT .
    Thanks, Leks
    Tuesday, December 8, 2009 5:40 PM