Server Configuration - Service Accounts

Use the Server Configuration page of the SQL Server Installation Wizard to assign login accounts to SQL Server services. The actual services configured on this page depend on the features you have selected to install.

Startup accounts used to start and run SQL Server can be domain user accounts, local user accounts, managed service accounts, virtual accounts, or built-in system accounts.

Options

You can assign the same login account to all SQL Server services, or you can configure each service account individually. You can also specify whether services start automatically, are started manually, or are disabled. The default account is recommended for most installations.

  • On Windows 7 and Windows Server 2008 R2 most accounts default to a virtual account.

  • On Windows Vista and Windows Server 2008 most accounts default to the NETWORK SERVICE account.

  • On a cluster installation on Windows Server 2008, you must provide a domain account.

If you configure services to use domain accounts, Microsoft recommends that you configure service accounts individually to provide least privileges for each service, where SQL Server services are granted the minimum permissions they need to complete their tasks. For more information including descriptions of the types of accounts, see Setting Up Windows Service Accounts.

  • Configure SQL Server service accounts individually (recommended)
    Use the grid to provision each SQL Server service with a logon user name and password, and to set the startup type for the service. You can use built-in system accounts, a local account, local group, domain group, or domain user accounts for SQL Server services.

    Select any of the following services to customize its settings.

    Select this service

    To configure authentication settings for

    SQL Server Agent

    The service that executes jobs, monitors SQL Server, and allows automation of administrative tasks.

    There is no default logon account for this service.

    The default startup type is Manual.

    SQL Server

    The SQL Server Database Engine.

    The default startup type is Automatic.

    SQL Server Browser

    SQL Server Browser is the name resolution service that provides SQL Server connection information to client computers. This service is shared across multiple SQL Server and Integration Services instances.

    The default logon account is NT Authority\Local service and cannot be changed during SQL Server setup. You can change the account after the setup has been completed.

    If the startup type is not specified during setup, it is determined as follows:

    • SQL Server Browser is set to Automatic and running in the installation scenarios described below:

      • SQL Server failover cluster instance

      • Named instance of SQL Server where TCP or NP is enabled

      • Named instance of Analysis Server that is not clustered

    • If none of the above scenarios apply, and SQL Server Browser is already installed, the current state of SQL Server Browser will be maintained.

    • The startup type is set to Disabled and the service is stopped if there is no existing SQL Server 2005, SQL Server 2008, or SQL Server 2008 R2 instance prior to the installation.

    Analysis Services

    Analysis Services.

    The default startup type is Automatic.

    For SharePoint integrated mode, you must specify a Windows domain user account. The account you specify is used for the Analysis Services service. The account you specify for the current instance must also be used for any additional Analysis Services instances that you subsequently add to the same farm.

    Reporting Services

    Reporting Services. Service accounts are used to configure a report server database connection. Choose the built-in network service if you want to use default authentication settings. If you specify a domain user account, be sure to register a service principal name (SPN) for it if you are using Windows Authentication on the report server. For more information, see How to: Configure Windows Authentication in Reporting Services.

    The default startup type is Automatic.

    Integration Services

    Integration Services is a set of graphical tools and programmable objects for moving, copying, and transforming data.

    The default startup type is Automatic.

    SQL Server Full-text Filter Daemon Launcher

    The service that creates the fdhost.exe processes. This is required to host the word breakers and filters that process textual data for full-text indexing.

    If you provide a domain account in which to run the FDHOST Launcher service, we highly recommend that you use a low privilege account. This account should be different from the account that you use for the SQL Server service. On Windows Vista and Windows Server 2008, the FDHOST Launcher service account defaults to LOCAL SERVICE.

    SQL Server Distributed Replay Client

    The service account used for the Distributed Replay client service.

    Provide an account in which to run the Distributed Replay client service. This account should be different from the account that you use for the SQL Server service.

    The default startup type is Manual.

    SQL Server Distributed Replay Controller

    The service account used for the Distributed Replay controller service.

    Provide an account in which to run the Distributed Replay controller service. This account should be different from the account that you use for the SQL Server service.

    The default startup type is Manual.
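
The following PowerShell function is an added example, not part of the original documentation. It checks a list of services against the guidance above: the FDHOST Launcher and Distributed Replay services should not run as the SQL Server service account, and domain accounts should be assigned per service. The service names and the CONTOSO accounts are assumptions used for illustration.

```powershell
# Added example: checks service logon accounts against the separation guidance above.
function Test-SqlServiceAccount {
    param([Parameter(Mandatory)][object[]]$Service)   # objects with Name and StartName

    # Built-in and virtual accounts; sharing these is not reported by the second check.
    $builtIn = '^(LocalSystem$|NT AUTHORITY\\|NT SERVICE\\)'
    # Services the page says should not run as the SQL Server service account.
    # Service names are assumed defaults; adjust them for your installation.
    $mustDiffer = 'MSSQLFDLauncher*',
                  'SQL Server Distributed Replay Client',
                  'SQL Server Distributed Replay Controller'

    # Database Engine: MSSQLSERVER (default instance) or MSSQL$<name> (named instance).
    $engine = @($Service |
        Where-Object { $_.Name -eq 'MSSQLSERVER' -or $_.Name -like 'MSSQL$*' } |
        ForEach-Object { [string]$_.StartName })

    # Check 1: a service that needs its own account runs as the Database Engine account.
    foreach ($svc in $Service) {
        $needsOwn = @($mustDiffer | Where-Object { $svc.Name -like $_ }).Count -gt 0
        if ($needsOwn -and $engine -contains $svc.StartName) {
            [pscustomobject]@{ Service = $svc.Name; Account = $svc.StartName
                               Finding = 'Runs as the Database Engine account' }
        }
    }

    # Check 2: one domain or local user account assigned to several services.
    $Service | Where-Object { $_.StartName -notmatch $builtIn } |
        Group-Object StartName | Where-Object Count -gt 1 | ForEach-Object {
            [pscustomobject]@{ Service = ($_.Group.Name -join ', '); Account = $_.Name
                               Finding = 'Account shared by several services' }
        }
}

# Constructed sample inventory (not taken from a real host).
$sample = @(
    [pscustomobject]@{ Name = 'MSSQLSERVER';     StartName = 'CONTOSO\svc-sql' }
    [pscustomobject]@{ Name = 'SQLSERVERAGENT';  StartName = 'CONTOSO\svc-sql' }
    [pscustomobject]@{ Name = 'MSSQLFDLauncher'; StartName = 'CONTOSO\svc-sql' }
    [pscustomobject]@{ Name = 'SQLBrowser';      StartName = 'NT AUTHORITY\LocalService' }
    [pscustomobject]@{ Name = 'SQL Server Distributed Replay Client'
                       StartName = 'CONTOSO\svc-dreplay' }
)
Test-SqlServiceAccount -Service $sample | Format-Table -AutoSize
```

On a live host, pass the function the SQL Server entries returned by Get-CimInstance Win32_Service, which exposes the same Name and StartName properties.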

See Also

Other Resources

Security Considerations for a SQL Server Installation