none
Can I delete NT SERVICE\SQLWriter and NT SERVICE\Winmgmt logins? RRS feed

  • Question

  • We’ve just installed our first SQL2012 instance and migrated some SQL2008 databases to it. I noticed we have 2 new logins with sa role. Can I safely delete them?

    Thursday, July 3, 2014 9:17 PM

Answers

  • We’ve just installed our first SQL2012 instance and migrated some SQL2008 databases to it. I noticed we have 2 new logins with sa role. Can I safely delete them?

    These accounts are created by default with SQL server 2012 installation. I consider them harmless.

    http://msdn.microsoft.com/en-us/library/ms175536.aspx

    The SQL Writer service uses the NT Service\SQLWriter login to connect to SQL Server. Using the NT Service\SQLWriter login allows the SQL Writer process to run at a lower privilege level in an account designated as no login, which limits vulnerability. If the SQL Writer service is disabled, then any utility which in relies on VSS snapshots, such as System Center Data Protection Manager, as well as some other 3rd-party products, would be broken, or worse, at risk of taking backups of databases which were not consistent.

    Windows Management Instrumentation (WMI) must be able to connect to the Database Engine. To support this, the per-service SID of the Windows WMI provider (NT SERVICE\winmgmt) is provisioned in the Database Engine.

    For complete details please read below

    http://msdn.microsoft.com/en-us/library/ms143504.aspx


    Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it.

    My TechNet Wiki Articles

    Thursday, July 3, 2014 9:57 PM

All replies

  • Hi,

    There is a good chance that those are orphaned SQL Server users. Please check this link and fix all orphaned SQL Server users before any other action is done:
    http://msdn.microsoft.com/en-us/library/ms175475.aspx

    * First detect orphaned users and then resolve an orphaned user as needed.


    [Personal Site] [Blog] [Facebook]signature

    Thursday, July 3, 2014 9:29 PM
    Moderator
  • These are logins at the instance level. Not users at the DB level
    Thursday, July 3, 2014 9:36 PM
  • We’ve just installed our first SQL2012 instance and migrated some SQL2008 databases to it. I noticed we have 2 new logins with sa role. Can I safely delete them?

    These accounts are created by default with SQL server 2012 installation. I consider them harmless.

    http://msdn.microsoft.com/en-us/library/ms175536.aspx

    The SQL Writer service uses the NT Service\SQLWriter login to connect to SQL Server. Using the NT Service\SQLWriter login allows the SQL Writer process to run at a lower privilege level in an account designated as no login, which limits vulnerability. If the SQL Writer service is disabled, then any utility which in relies on VSS snapshots, such as System Center Data Protection Manager, as well as some other 3rd-party products, would be broken, or worse, at risk of taking backups of databases which were not consistent.

    Windows Management Instrumentation (WMI) must be able to connect to the Database Engine. To support this, the per-service SID of the Windows WMI provider (NT SERVICE\winmgmt) is provisioned in the Database Engine.

    For complete details please read below

    http://msdn.microsoft.com/en-us/library/ms143504.aspx


    Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it.

    My TechNet Wiki Articles

    Thursday, July 3, 2014 9:57 PM
  • sorry my mistake, I read it to fast :-)

    check Shanky's response pls (there are different uinr by default on different versions of SQL). You probably mean sysadmin rule.


    [Personal Site] [Blog] [Facebook]signature

    Thursday, July 3, 2014 10:11 PM
    Moderator