TIP - Do we need to run SQL Server under an administrative account?

The answer to this question is NO. However, there are some special considerations, so read on.

You don’t need to run SQL Server services under an administrative account or a Domain Admin account – neither on a standalone box nor on a cluster.

You have several options including Local System Account (only on standalone box) or a Domain Account with limited privileges.

As for Local System Account, I won’t recommend it as this is a highly privileged account on the machine and could be used to compromise security.

Your best option is to create a domain user account which can be used by ALL SQL Server services (Database Service, Agent etc.) or you can create individual domain accounts for each service.

Each of these accounts should be granted only the limited permissions required by SQL Server and should not be part of administrators group.

- During Setup - These permissions are automatically granted to the domain account that you specify during setup. You don’t have to manually grant these permissions.

- After setup – If you decide to change the startup account to a freshly created new domain account, you don’t have to manually grant any permissions. Simply follow the steps highlighted in my blog at https://blogs.msdn.com/sanchan/archive/2006/05/03/589580.aspx to change that through Configuration Manager.

If you are one of those who really love to dig deep and understand every details, you can find exactly the right permissions that the domain account needs in BOL. Refer to this link under Reviewing Windows NT Rights and Privileges Granted for SQL Server Service Accounts at the following link on MSDN2 website :


Also, there are special considerations for SQL Server Agent, refer to this KB article which talks in details about this. https://support.microsoft.com/?id=907557