Share via

When you install sql server 2019 and specify a domain service account to run the database engine , will this account be granted the sql sysadmin role?

Greg Booth 1,371 Reputation points
2023-06-02T10:44:24.8533333+00:00

When you install sql server 2019 and specify a domain service account to run either the Sql server Database engine or the Sql server Agent service , will this account be granted the sql sysadmin role?

in this case we will be using Authentication Mode = Mixed Mode.

SQL Server Other
0 comments
Accepted answer
  1. Erland Sommarskog 121.4K Reputation points MVP Volunteer Moderator
    2023-06-02T22:00:56.27+00:00

    The service account is always sysadmin on its own instance. Here is an interesting titbit: Say that the account DOMAIN\SERVICE is used as service accounts for instances. Say further that you do xp_cmdshell sqlcmd on one instance to the other. This connection will be made with the service account, as long you don't have a proxy in place. But you will not be sysadmin on the other instance. Despite that you are logged in with the service account.

    At least, this is my recollection from the tests I ran quite a few years back.

2 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Robbie Varn 351 Reputation points
    2023-06-02T14:34:46.4533333+00:00

    You should always install Sql with a Domain Admin account and then specify the service account you want to use during the install and, then, sql will assign all the rights that service account will need to run sql and will NOT automatically give it sysadmin rights. If you want the service account to have sysadmin rights in sql, you will also have to specify that during the install or, afterwards, setting it manually.

    0 comments
  2. LiHongMSFT-4306 31,566 Reputation points
    2023-06-05T03:09:52.95+00:00

    Hi @Greg Booth

    Here is a similar thread you might refer to: Is the Service account a SQL admin?

    will this account be granted the sql sysadmin role?

    You can run SQL Server service under a domain account (non-admin domain account.

    For security reasons do not run sql server service as either local or domain admin account.

    Starting with SQL Server 2008 windows admin (including domain admins) by default are not granted sysadmin permission unless explictly granted during the SQL server setup.

    Please refer to this doc for more details: Configure Windows service accounts and permissions.

    Best regards,

    Cosmog Hong

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our Documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.