This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 40%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
I install sql server and have a custom domain account to start up , domain\usera
but I found domain\usera is not in the following group . (and my sql server is working fine)
Replace a process level token
Bypass traverse checking
Adjust memory quotas for a process
I just would like to have a look to see if these accounts permission is still a compulsory? ANd what's the usage for each one ?
These are the correct ones:
Act as part of the operating system
Lock Pages in Memory
Perform Volume Maintenance Tasks
Bypass Traverse Checking
Replace A Process Level Token
Adjust Memory Quotas For A Process
Hi @sakuraime ,
Replace a process level token setting determines which user accounts can call the CreateProcessAsUser() application programming interface (API) so that one service can start another. An example of a process that uses this user right is Task Scheduler, where the user right is extended to any processes that can be managed by Task Scheduler.
This policy setting determines which users (or a process that acts on behalf of the user’s account) have permission to navigate an object path in the NTFS file system or in the registry without being checked for the Traverse Folder special access permission. This user right does not allow the user to list the contents of a folder. It only allows the user to traverse folders to access permitted files or subfolders.
Adjust memory quotas for a process
This privilege determines who can change the maximum memory that can be consumed by a process. This privilege is useful for system tuning on a group or user basis.
This user right is defined in the Default Domain Controller Group Policy Object (GPO) and in the local security policy of workstations and servers.
By the way, did your SQL server instance default service account be added in this policy as below screenshot?
If the response is helpful, please click "Accept Answer" and upvote it, as this could help other community members looking for similar thread.
I mean if I am using custom domain account , during the installation , why it doesn't help me to put my domain account to those groups ?
yes I can see those default accounts in those permission.
***hi guys! just a "noobie" here! could you guys please explain the benefits and point of sql or running ssh on ports and all that good stuff! please and thank you, HIGHLY appreciated **strong text*****
@MRKALIRAI , I suggest you start a new thread for your question instead of asking it as an answer to an unrelated question. It's unclear what you mean by "running ssh on ports and all that good stuff" in the context of SQL Server service account permissions. You'll increase your chances of getting a quality answer by asking a clear target question on a separate thread, perhaps outlining a specific scenario you need clarification with.