I'm not sure if I'm googling for the wrong thing but I can't find an answer. We're running SQL 2014. The SQL Server and SQL Agent processes are both running under Domain Managed Service Accounts.
When SQL was installed NT SERVICE\MSSQLSERVER
, NT SERVICE\SQLSERVERAGENT
, NT SERVICE\SQLWriter
, NT SERVICE\Winmgmt
are all setup as SysAdmins
.
If I am running SQL and SQL Agent as a Domain user, do I still need these NT Service accounts, and/or do they need to be SysAdmin?
Best Answer
Even if you are running SQL server as domain account, keep those
NT SERVICE\*
as is.From BOL :
These logins are members of the sysadmin fixed server role, so they can do anything in the Database Engine. Keep them in
SYSADMIN
role even if you are using Domain account. See SQL Server Per-service SID Login and Privileges section.A really good answer detailing above stuff - Service/Database Accounts - NT SERVICE\MSSQLSERVER & NT SERVICE\SQLSERVERAGENT … what are they for ?