Sql-server – What permissions are required for SQL Server to run as a (active directory) domain user

active-directorysql serverwindows-server-2003

I wish to switch the SQL Server 2005 service from running as a local user to running under a domain user (mainly so I can make backups to domain-permissioned shares). I can't seem to find a definitive list of the windows permissions that I should grant that domain user, does anyone know where I can find a list?

Alternatively, is there a local group on the SQL server box I should make the domain user a member of?

Thanks in advance,

-James

Best Answer

This is what I did:

Create a new domain user named sql_user, granting logon to the SQL Server target machine
On the target SQL Server machine, using the users control panel add the domain user to the group SQLServer2005MSSQLUser$HOST$MSSQLSERVER (beware there is a similar group named: SQLServer2005MSFTEUser$HOST$MSSQLSERVER which it seems the user does not need to be a member of)
Grant sql_user the ability to lock pages in memory if using the AWE extensions, see also: MSDN article
Change the SQL Server service to startup as the new domain user in the service control panel
Give sql_user write permission to the c:\program files\microsoft sql server directory and all subdirectories
Give sql_user write permission to the datafiles for all of your databases
Restart the database service
Check the Windows Error log for any errors

Best Answer

Related Solutions

SQL Server – Best Practice for Database Owner in SQL Server 2005

SQL Server – Can’t Connect Using ‘sa’ Account, What Am I Missing?

Related Topic