August 3, 2009 at 2:18 pm
After removing the builtin\Administrators group from SQL server Email stopped working and I could not access the error log files in management studio.
I added the sql server service account (windows domain account) as a server principal with sysadmin rights and everything began to work.
Is this the norm – do you have to add the service account when you delete the builtin\Admin account?
August 3, 2009 at 5:51 pm
Most definitely you do have to add the SQL Server service account as a SysAdmin after removing BUILTIN/Administrators.
That service account also needs rights to whatever it needs to access at the Windows level, eg. Modify (at least) rights to all the directories it's going to use for databases, backups, logs, etc.; Start as a service; Lock pages in memory (recommended); deny Log on locally (recommended), etc.
If the service account is a member of the local administrators group it gets the necessary permissions automatically and the SQL Server installation works out what else it needs as part of the installation process. The service account, either explicitly or implicitly, must be a SysAdmin within SQL Server to enable it to control everything that the database engine does.
August 4, 2009 at 5:11 am
Thanks Glenn
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply