Can I drop or disable the default NT Service Accounts from SSMS Logins?

Michelle Lopez Santos 41 Reputation points
2022-08-22T08:30:51.323+00:00

The following accounts are automatically created upon SQL Server installation:

  • NT SERVICE\SQLWriter
  • NT SERVICE\Winmgmt
  • NT SERVICE\MSSQLSERVER
  • NT SERVICE\SQLSERVERAGENT

If I am using a separate domain account as the SQL Service and SQL Agent login, is it safe to disable/delete these default accounts?

SQL Server | Other

Accepted answer
  1. CathyJi-MSFT 22,396 Reputation points Microsoft External Staff
    2022-08-23T07:17:51.267+00:00

    Hi @Michelle Lopez Santos ,

    These accounts are created by default with SQL Server installation. I consider them harmless. I suggest you do not delete them.

    The SQL Writer service uses the NT Service\SQLWriter login to connect to SQL Server. Using the NT Service\SQLWriter login allows the SQL Writer process to run at a lower privilege level in an account designated as no login, which limits vulnerability. If the SQL Writer service is disabled, then any utility which relies on VSS snapshots, such as System Center Data Protection Manager, as well as some other 3rd-party products, would be broken, or worse, at risk of taking backups of databases which were not consistent.

    Windows Management Instrumentation (WMI) must be able to connect to the Database Engine. To support this, the per-service SID of the Windows WMI provider (NT SERVICE\winmgmt) is provisioned in the Database Engine.

    For NT Service\MSSQLSERVER and NT Service\SQLSERVERAGENT, if they are no longer the service account for the SQL Server service and Agent service, you should be able to disable them, provided that they don't own any objects or the like.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    4 people found this answer helpful.
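
The condition in the accepted answer (the logins must not own any objects) can be checked before anything is disabled. The read-only T-SQL below is an added example, not part of any answer in this thread; it assumes a default instance (the four login names from the question) and permission to read the server catalog views and msdb.

```sql
-- Added example: read-only pre-check for the per-service SID logins.
-- Collect the logins by SID so later joins do not depend on string collation.
DECLARE @svc TABLE (
    sid          varbinary(85) PRIMARY KEY,
    principal_id int,
    name         sysname,
    is_disabled  bit
);

INSERT INTO @svc (sid, principal_id, name, is_disabled)
SELECT sp.sid, sp.principal_id, sp.name, sp.is_disabled
FROM sys.server_principals AS sp
WHERE sp.name IN (N'NT SERVICE\SQLWriter',
                  N'NT SERVICE\Winmgmt',
                  N'NT SERVICE\MSSQLSERVER',
                  N'NT SERVICE\SQLSERVERAGENT');

-- 1. Current state and fixed server role membership (e.g. sysadmin).
SELECT s.name AS login_name, s.is_disabled, r.name AS server_role
FROM @svc AS s
LEFT JOIN sys.server_role_members AS m
       ON m.member_principal_id = s.principal_id
LEFT JOIN sys.server_principals AS r
       ON r.principal_id = m.role_principal_id
ORDER BY s.name, r.name;

-- 2. Anything the logins own: databases, Agent jobs, endpoints.
SELECT s.name AS login_name, 'database' AS owned_type,
       d.name COLLATE DATABASE_DEFAULT AS owned_name
FROM @svc AS s
JOIN sys.databases AS d ON d.owner_sid = s.sid
UNION ALL
SELECT s.name, 'agent job', j.name COLLATE DATABASE_DEFAULT
FROM @svc AS s
JOIN msdb.dbo.sysjobs AS j ON j.owner_sid = s.sid
UNION ALL
SELECT s.name, 'endpoint', e.name COLLATE DATABASE_DEFAULT
FROM @svc AS s
JOIN sys.endpoints AS e ON e.principal_id = s.principal_id;

-- 3. Only if query 2 returns no rows for the login, and it is no longer
--    the account the service runs under, disabling is reversible:
-- ALTER LOGIN [NT SERVICE\SQLSERVERAGENT] DISABLE;
-- ALTER LOGIN [NT SERVICE\SQLSERVERAGENT] ENABLE;   -- rollback
```

On a named instance the engine and Agent logins carry the instance name, so the list in the first statement has to be adjusted to match what sys.server_principals actually contains.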

2 additional answers

  1. Bjoern Peters 8,921 Reputation points
    2022-08-22T11:58:22.16+00:00

    I won't recommend deleting those users, BUT...

    If you have specific service users for the SQL Service and SQL Agent, then it might be safe to delete "NT SERVICE\MSSQLSERVER" and "NT SERVICE\SQLSERVERAGENT."

    If you never use VSS Snapshot for SQL Server backup on that server, then you should disable SQL Server Writer Service and then drop that user "NT SERVICE\SQLWriter".
    https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/sql-writer-service?view=sql-server-ver15

    "NT SERVICE\Winmgmt" is a little bit different... as the name suggests, it is used for WMI, and several monitoring and/or automation systems (or even your server admins) are using WMI and PowerShell to gather information. If you delete that user, they won't be able to do so (at least on your SQL Server).

    3 people found this answer helpful.

  2. Zheng, Xiaogang 6 Reputation points
    2024-02-28T22:38:48.9466667+00:00

    If I don't disable them, just revoke the sysadmin role from these four accounts, is it okay? Thanks

