Export (0) Print
Expand All

Creating Windows Service Accounts (64-bit)

SQL Server 2000

  This topic applies only to SQL Server 2000 (64-bit).

Microsoft® SQL Server™ 2000 (64-bit) has three service accounts on the 64-bit versions of the Windows® Server 2003 family operating system: Microsoft SQL Server, SQL Server Agent, and Analysis Services. These services appear in the list of installed services in Services, in Administrative Tools, which you can find in Control Panel. The following table shows each service name and the term used to refer to the default and named instances of SQL Server, as displayed in Services.

Service Default Instance Named Instance
Microsoft SQL Server MSQLSERVER MSSQL$instancename
SQL Server Agent SQLSERVERAGENT SQLAgent$instancename
Analysis Services MSSQLServerOlapService  

Typically, these services are assigned the same user account, either the local system account or a domain user account. However, during Setup you can customize the settings for each service.

Using the Local System Account

The local system account does not require a password, does not have network access rights, and restricts your SQL Server installation from interacting with other servers.

Using a Domain User Account

A domain user account uses Windows Authentication so that the same login used for connecting to the network is also used for connecting to SQL Server. A domain user account is typically used because many server-to-server activities can be performed only with a domain user account. For example:

  • Remote procedure calls.

  • Replication.

  • Backing up to network drives.

  • Heterogeneous joins that involve remote data sources.

  • Analysis Services linked cubes.
Requirements for Domain User Account

All domain user accounts must have permission to:

  • Access and change the SQL Server folder (\Programs Files\Microsoft SQL Server\Mssql).

  • Access and change the .mdf, .ndf, and .ldf database files.

  • Log on as a service.

  • Read and write registry keys at and under:
    • HKEY_LOCAL_MACHINE\Software\Microsoft\MSSQLServer (default instance)

    • HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft SQL Server (any named instance)

    • HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\MSSQLServer (default instance)

    • HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\MSSQL$Instance (any named instance)

    • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Peflib

Analysis Services domain accounts should have the following permissions:

  • Access and change the Analysis Services folder (Program Files\Microsoft Analysis Services\).

  • Log on as a service.

  • Read and write registry keys at and under:
    • HKEY_LOCAL_MACHINE\Software\Microsoft\OLAP Server

    • HKEY_LOCAL_MACHINE\System\CurrentControlset\Services\MSSQLServerOLAPService

In addition, a domain user account must be able to read and write corresponding registry keys for these services: SQLAgent$instancename, MSSEARCH, and MSDTC.

This table shows additional permissions required for specified functionalities.

Service Permission Functionality
SQL Server Network write privileges Write to a mail slot using xp_sendmail.
SQL Server Act as part of operating system and replace a process level token Run xp_cmdshell for a user other than a SQL Server administrator.
SQL Server Member of local Power Users or local Administrators group Add and delete SQL Server objects in Active Directory.
SQL Server Agent Member of the local Administrators group Create CmdExec and ActiveScript jobs belonging to someone other than a SQL Server administrator.

Use the auto restart feature.

Use run-when-idle jobs.
MSSQLServerOLAPService Member of the OLAP Administrators group To use the Analysis Manager 2000 administration tool.

Changing User Accounts

To change the password or other properties of any SQL Server related service after installing SQL Server, go to Control Panel, click Administrative Tools, and then click Services. If you are administering the 64-bit Server remotely from a 32-bit SQL Server, you can also use SQL Server Enterprise Manager. If you change the Windows password for any service account, be sure to also change the password setting for the service. A service that logs on to a user account cannot start without the current password setting for the account.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft