
Thread: Don't run the SQL Server Account as Local Administrator ??

  1. #1
    Join Date
    Jul 2008
    Location
    USA
    Posts
    2


    Based on the advice "Don't run the SQL Server Account as Local Administrator or member of the Administrator Group"

    Will this setup prevent you from using critical features? How did you get around it?



    The link below makes reference to how a critical feature, the "Automatic Server Restart Feature", is affected if the SQL Server account is NOT run with sufficient privileges.

    http://msdn.microsoft.com/en-us/libr...SQL.80%29.aspx



    My question is, based on what you read above, are they saying:

    1.

    To run the "Automatic Server Restart Feature" you should ensure the SQL Server account logs on with the "Log on as a service" right on the computer, in addition to having the following permissions:

    * Full control of the main Microsoft® SQL Server™ directory (by default, \Mssql).

    * Full control of the SQL Server database files, regardless of storage location.

    * The Log on as a service right. Ensure that all logon hours are allowed in the Logon Hours dialog box.

    * Full control of registry keys at and below HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer.

    * Selection of the Password Never Expires box.

    * Full control of registry keys at and below HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSSQLServer.

    * Full control of registry keys at and below HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib.



    OR

    2.

    Alternatively, if the above is not done, to run the "Automatic Server Restart Feature" the SQL Server account MUST be a Windows NT account with local administrator privileges in order to:

    * Create SQL Server Agent CmdExec and Microsoft ActiveX® Script jobs not belonging to members of the sysadmin fixed server role.

    * Use the automatic server restart feature of SQL Server Agent.

    * Create SQL Server Agent jobs to be run when the server is idle.



    Basically, do you think that they are laying out two alternatives to solve the issue, or just the last one?

    If this is so, then this contradicts another Microsoft advisory. Microsoft TechNet's "Implementation of Server Level Security and Object Level Security" advises against running SQL Server services as Local System/Local Administrator.

    See http://www.microsoft.com/technet/pro.../sp3sec02.mspx

    The MSSQL Server service should be started as a user-level account. This reduces the risk that it can be used by an attacker to increase their privilege on the database server and the network. The SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts should not be members of the local Administrators group or run as LocalSystem. The problem with running SQL Server as Local System is that it provides more privilege than is necessary.



    Your valued feedback will be appreciated.

  2. #2
    Join Date
    Sep 2002
    Posts
    5,938
    They are talking about the same thing: don't start SQL services with a local admin account. But the account used needs certain permissions.

  3. #3
    Join Date
    Jul 2008
    Location
    USA
    Posts
    2


    So basically you are saying that there is no need for the SQL Server account to be a Windows NT account with local administrator privileges if the first alternative is used?

    Also, based on your experience, is the SQL Server account generally not set up to have local administrator privileges?

    Will appreciate your reply.

    Thanks,

    Veronica

  4. #4
    Join Date
    Sep 2002
    Posts
    5,938
    Correct, it doesn't need local admin rights if the account has the required Windows permissions.
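The conclusion of the thread, scripted: grant a non-administrator service account exactly the rights the first post lists (full control of the SQL Server directory and database file locations, full control of the three registry keys, and the "Log on as a service" right), then check that the account is not in the local Administrators group. This is an added example, not code from the thread or from Microsoft. The account name `CORP\svc-mssql`, the directories `C:\Mssql`, `D:\SqlData` and `E:\SqlLogs`, and the temp file names are assumptions for illustration; the registry paths are the ones named in the post.

```powershell
# Added example (not from the thread): give a non-administrator SQL Server
# service account the permissions listed in the first post, then confirm the
# account is NOT a local administrator. Run from an elevated Windows PowerShell
# session on the database server.
#
# Assumed names and paths for illustration; adjust to your server.
$ServiceAccount = 'CORP\svc-mssql'                 # assumed domain service account
$SqlRoot        = 'C:\Mssql'                       # main SQL Server directory (thread default: \Mssql)
$DataDirs       = @('D:\SqlData', 'E:\SqlLogs')    # assumed database and log file locations
$RegKeys        = @(                               # registry paths named in the thread
    'HKLM:\SOFTWARE\Microsoft\MSSQLServer',
    'HKLM:\SYSTEM\CurrentControlSet\Services\MSSQLServer',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib'
)

$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$noProp  = [System.Security.AccessControl.PropagationFlags]::None
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

# 1. Full control of the SQL Server directory and of every database file location.
foreach ($dir in (@($SqlRoot) + $DataDirs)) {
    if (-not (Test-Path -Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    $acl  = Get-Acl -Path $dir
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
                -ArgumentList $ServiceAccount, 'FullControl', $inherit, $noProp, $allow
    $acl.AddAccessRule($rule)
    Set-Acl -Path $dir -AclObject $acl
}

# 2. Full control of the registry keys at and below the listed paths.
foreach ($key in $RegKeys) {
    if (-not (Test-Path -Path $key)) { Write-Warning "Key not present, skipping: $key"; continue }
    $acl  = Get-Acl -Path $key
    $rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule `
                -ArgumentList $ServiceAccount, 'FullControl', $inherit, $noProp, $allow
    $acl.AddAccessRule($rule)
    Set-Acl -Path $key -AclObject $acl
}

# 3. The "Log on as a service" right (SeServiceLogonRight). There is no built-in
#    cmdlet for user rights, so export the current policy with secedit, append the
#    account's SID to the existing holders (an import replaces the whole list),
#    and import the merged line back.
$sid = (New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList $ServiceAccount).Translate(
           [System.Security.Principal.SecurityIdentifier]).Value
$exportInf = Join-Path $env:TEMP 'rights-export.inf'   # assumed temp file names
$importInf = Join-Path $env:TEMP 'rights-import.inf'
$importDb  = Join-Path $env:TEMP 'rights-import.sdb'
secedit /export /cfg $exportInf /areas USER_RIGHTS | Out-Null
$current = (Get-Content -Path $exportInf | Where-Object { $_ -match '^SeServiceLogonRight\s*=' }) -replace '^SeServiceLogonRight\s*=\s*', ''
if ($current -match [regex]::Escape("*$sid")) {
    Write-Host "$ServiceAccount already holds SeServiceLogonRight"
} else {
    $holders = if ($current) { "$current,*$sid" } else { "*$sid" }
    @(
        '[Unicode]', 'Unicode=yes',
        '[Version]', 'signature="$CHICAGO$"', 'Revision=1',
        '[Privilege Rights]', "SeServiceLogonRight = $holders"
    ) | Set-Content -Path $importInf -Encoding Unicode
    secedit /configure /db $importDb /cfg $importInf /areas USER_RIGHTS | Out-Null
}

# 4. "Password never expires" and unrestricted logon hours are properties of the
#    account object itself (Set-ADUser -PasswordNeverExpires $true for a domain
#    account, Set-LocalUser for a local one), not file or registry ACLs, so they
#    are set on the account rather than here.

# 5. The point of the thread: the account must NOT be a local administrator.
$admins = Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
if ($admins -contains $ServiceAccount) {
    throw "$ServiceAccount is a member of the local Administrators group; remove it"
}
Write-Host "$ServiceAccount has the required rights and is not a local administrator"
```

On current SQL Server versions, Setup and SQL Server Configuration Manager grant these ACLs and the logon right automatically when the service account is assigned through them, so a script like this is mainly useful for auditing an existing install or repairing one where the account was changed through the Services console instead; none of that changes the thread's conclusion that the account should not be added to Administrators.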
