Sql-server – SQL Server Agent Server Login Account

permissionsservice-accountssql-server-2017sql-server-agent

What SQL Server login does the SQL server agent use to log in to the database instance?

I am running the SQL server agent as the built in local system account.

I have created a SQL agent job which has one step. That step inserts the value of SYSTEM_USER into a table.

When i Run the job and then select from the table when the job is complete, I can see the value of SYSTEM_USER was DOMAIN\SERVERNAME$ so it seems that is what the agent is logging into the instance as.

So why can the agent log in as DOMAIN\SERVERNAME$ when it is not an SQL Login?

What privileges does this account have?

Best Answer

SERVERNAME$ is a machine account assigned to the server in Active Directory. That account maps locally as NT AUTHORITY\System. You'll see in the SQL Server security there is typically an account named NT AUTHORITY\System listed - this is how the SQL Server Agent is getting access when it is configured to run as Local System.

Microsoft Docs has a great set of details that help with choosing how to configure the service account for SQL Server Agent. It states the following:

Local System account. The name of this account is NT AUTHORITY\System. It is a powerful account that has unrestricted access to all local system resources. It is a member of the Windows Administrators group on the local computer, and is therefore a member of the SQL Server sysadmin fixed server role

Best Answer

Related Solutions

Sql-server – SQL Server Agent – Running SSIS Package with Proxy

Sql-server – What permissions should the account for MS SQL Server Agent have

Related Question