SQL Server Configuration - Service Accounts

SQL Server Setup

Use the Server Configuration page of the SQL Server Installation Wizard to assign login accounts to SQL Server services. The actual services that are configured on this page depend on the features you have selected to install.

Options

You can assign the same login account to all SQL Server services, or you can configure each service account individually. You can also specify whether services start automatically, are started manually, or are disabled. Microsoft recommends that you configure service accounts individually to ensure that SQL Server services are granted the minimum required permissions to complete their tasks. For more information, see Setting Up Windows Service Accounts.

Configure SQL Server service accounts individually (recommended)

Use the grid to provision each SQL Server service with a logon user name and password, and to set the startup type for the service. You can use built-in system accounts, a local account, local group, domain group, or domain user accounts for SQL Server services.

For failover cluster installations, account name and startup type infromation will be pre-populated on this page based on settings provided for the active node. You must provide passwords for each account.

Select any of the following services to customize its settings.

Select this service To configure authentication settings for

SQL Server Agent

The service that runs jobs, monitors, SQL Server, and allows automation of administrative tasks.

There is no default login account for this service.

The default startup type is Manual.

SQL Server

The SQL Server Database Engine.

There is no default login account for this service.

The default startup type is Automatic.

SQL Server Browser

SQL Server Browser is the name resolution service that provides SQL Server connection information to client computers. This service is shared across multiple instances of SQL Server and Integration Services.

The default login account is NT Authority\Local service and cannot be changed.

The default startup type is Automatic.

Analysis Services

Analysis Services.

There is no default login account for this service.

The default startup type is Automatic.

Reporting Services

Reporting Services.

Service accounts are used to configure a report server database connection. Choose the built-in network service if you want to use default authentication settings. If you specify a domain user account, be sure to register a service principle name (SPN) for it if you are using Windows Authentication on the report server. For more information, see How to: Configure Windows Authentication in Reporting Services.

Important:
Microsoft recommends that you do not use the Network Service account for the SQL Server or the SQL Server Agent services if an account with lesser privileges is available, because Network Service is a shareable account. Network Service is appropriate for use as a SQL Server service account only if you can ensure that no other services that use the account are installed on the computer. Local User or Domain User accounts that are not a Windows administrator are more appropriate for SQL Server services.

There is no default login account for this service.

The default startup type is Automatic.

Integration Services

Integration Services is a set of graphical tools and programmable objects for moving, copying, and transforming data.

The default login account for this service is NT Authority\Network Service.

The default startup type is Automatic.

SQL Full-text Filter Daemon Launcher

The service that creates the fdhost.exe processes. This is required to host the word breakers and filters that process textual data for full-text indexing.

Provide an account in which to run the FDHOST Launcher service. We highly recommend that you use a low privilege account. This account should be different from the account that you use for the SQL Server service. On Windows Vista and Windows Server 2008, the FDHOST Launcher service account defaults to LOCAL SERVICE.

For security reasons, on Windows versions earlier than Windows Vista and Windows Server 2008, we recommend using a specially-created LOCAL USER as the FDHOST Launcher service account. The use of the LOCAL SYSTEM, LOCAL SERVICE, or NETWORK SERVICE might inadvertently provide increased privileges for the service and can reduce the security of your SQL Server installation.

The FDHOST Launcher service is started automatically unless the service account is not valid or you do not specify a service account (on Windows Server 2003 or Windows XP).

See Also