Share via


Server Configuration - Service Accounts

Use the Server Configuration page of the SQL Server Installation Wizard to assign login accounts to SQL Server services. The actual services configured on this page depend on the features you have selected to install.

Startup accounts used to start and run SQL Server can be domain user accounts, local user accounts, managed service accounts, virtual accounts, or built-in system accounts.

Options

You can assign the same login account to all SQL Server services, or you can configure each service account individually. You can also specify whether services start automatically, are started manually, or are disabled. The default account is recommended for most installations.

On Windows 7 and Windows Server 2008 R2 most accounts default to a virtual account.

If you configure services to use domain accounts, Microsoft recommends that you configure service accounts individually to provide least privileges for each service, where SQL Server services are granted the minimum permissions they need to complete their tasks. For more information including descriptions of the types of accounts, see Configure Windows Service Accounts and Permissions.

Configure SQL Server service accounts individually (recommended)
Use the grid to provision each SQL Server service with a logon user name and password, and to set the startup type for the service. You can use built-in system accounts, a local account, local group, domain group, or domain user accounts for SQL Server services.

Select any of the following services to customize its settings.

Select this service To configure authentication settings for
SQL Server Agent The service that executes jobs, monitors, SQL Server, and allows automation of administrative tasks.

There is no default logon account for this service.

The default startup type is Manual.
SQL Server Database Engine The default startup type is Automatic.
Analysis Services The default startup type is Automatic.

For SharePoint integrated mode, you must specify a Windows domain user account. The account you specify is used for the Analysis Services service. The account you specify for the current instance must also be used for any additional Analysis Services instances that you subsequently add to the same farm.
Reporting Services Service accounts are used to configure a report server database connection. Choose the built-in network service if you want to use default authentication settings. If you specify a domain user account, be sure to register a service principle name (SPN) for it if you are using Windows Authentication on the report server. For more information, see Configure Windows Authentication on the Report Server.

The default startup type is Automatic.
Integration Services Integration Services is a set of graphical tools and programmable objects for moving, copying, and transforming data.

The default startup type is Automatic.
SQL Server Distributed Replay Client The service account used for the Distributed Replay client service.

Provide an account in which to run the Distributed Replay client service. This account should be different from the account that you use for the SQL Server service.

The default startup type is Manual.
SQL Server Distributed Replay Controller The service account used for the Distributed Replay controller service.

Provide an account in which to run the Distributed Replay controller service. This account should be different from the account that you use for the SQL Server service.

The default startup type is Manual.
SQL Server Full-text Filter Daemon Launcher The service that creates the fdhost.exe processes. This is required to host the word breakers and filters that process textual data for full-text indexing.

If you provide a domain account in which to run the FDHOST Launcher service, we highly recommend that you use a low privilege account. This account should be different from the account that you use for the SQL Server service.
SQL Server Browser SQL Server Browser is the name resolution service that provides SQL Server connection information to client computers. This service is shared across multiple SQL Server and Integration Services instances. The default logon account is NT Authority\Local service and cannot be changed during SQL Server setup. You can change the account after the setup has been completed. If the startup type is not specified during setup, it is determined as follows:

SQL Server Browser is set to Automatic and running in the installation scenarios described below:
-
SQL Server failover cluster instance
-
Named instance of SQL Server where TCP or NP is enabled
-
Named instance of Analysis Server and is not clustered

If none of the above scenarios apply, and SQL Server Browser is already installed, the current state of SQL Server Browser will be maintained.

The startup type is set to Disabled and stopped if there is not an existing instance of an older SQL Server version prior to the installation.

See Also

Security Considerations for a SQL Server Installation