I am using RAP tool for SQL Server, I get the following alerts in RAP assessment report:
SQL Server service is running under an account that is a member of the built-in Administrators group
Solution or suggestion provided by MS is
-
Create a new domain user account, MSA (Managed Service Account) or gMSA (Group Managed Service Account) without assigning any rights or permissions. Use SQL Server Configuration Manager to assign the account to the SQL Server service.
-
Avoid using the same Service Account for multiple SQL Instances, only use the same account for the instances that are member of the same cluster or availability group.
-
Review the Context and Best Practices and Learn More sections for additional considerations and details.
I am really confused exactly what i have to do or change to remove this Alert.
SQL Server is running under account MAD\SPITOPCMSQL01
What do I have to change so that this login is not member of built-in administrators?
Please help
Best Answer
The built-in Administrators group is a machine-local group. You need to connect to the machine where SQL Server is running via the Computer Management console, and remove the SQL Server service account from the "Administrators" group, as in:
Be aware, the SQL Server may, for some reason, require access to the local machine via membership in the local Administrators group. Only you can determine if this is required for your specific instance, since it is not required for an out-of-the-box install.