locked
Run as Domain User RRS feed

  • Question

  • Trying to install SQL 2005 Std. During the installation I am specifying a regular windows domain account for the SQL Service and SQL Agent to run under. During the installation it tries to start the services, but fails. I was under the impression that setup will grant the necessary permissions to allow this account to run properly. If during the install I select to run the services under the Local System account  everything installs fine. I can then use the SQL Server Configuration Manager and change the services to run under a windows domain account and everything works.

     

    Is there any permissions that need to be in place before I start the installation?

    Friday, October 30, 2009 8:03 PM

Answers

  • Normally if the Domain Admin is a Local Administrator then it should have the following security privileges but it is worth checking.

    Run-> Secpol.msc -> User Rights Assignment: Add the domain user to the below listed security privileges:

    Log on as a service (SeServiceLogonRight)

    Log on as a batch job (SeBatchLogonRight)

    Replace a process-level token (SeAssignPrimaryTokenPrivilege)

    Bypass traverse checking (SeChangeNotifyPrivilege)

    Adjust memory quotas for a process (SeIncreaseQuotaPrivilege)

    Permission to start SQL Server Active Directory Helper

    Permission to start SQL Writer

    Permission to read the Event Log service

    Permission to read the Remote Procedure Call service


    This posting is provided "AS IS" with no warranties, and confers no rights. My Blog: Troubleshooting SQL
    Saturday, October 31, 2009 1:14 AM

All replies

  • Have you added the domain user under the windows administrator group prior to installation ?  As this account needs folder creation , service creation permission to install sql server successfully.
    Thanks, Leks
    Friday, October 30, 2009 8:08 PM
  • Normally if the Domain Admin is a Local Administrator then it should have the following security privileges but it is worth checking.

    Run-> Secpol.msc -> User Rights Assignment: Add the domain user to the below listed security privileges:

    Log on as a service (SeServiceLogonRight)

    Log on as a batch job (SeBatchLogonRight)

    Replace a process-level token (SeAssignPrimaryTokenPrivilege)

    Bypass traverse checking (SeChangeNotifyPrivilege)

    Adjust memory quotas for a process (SeIncreaseQuotaPrivilege)

    Permission to start SQL Server Active Directory Helper

    Permission to start SQL Writer

    Permission to read the Event Log service

    Permission to read the Remote Procedure Call service


    This posting is provided "AS IS" with no warranties, and confers no rights. My Blog: Troubleshooting SQL
    Saturday, October 31, 2009 1:14 AM
  • The following permissions cannot be added from the place your are mentioning:

    Permission to start SQL Writer

    Permission to read the Event Log service

    Permission to read the Remote Procedure Call service

    Do you know how can I them?

    Sunday, January 10, 2016 5:24 PM
  • Been struggling with your question a bit as well.  Seems like adding the domain account to the "Performance Monitor Users" group addresses this one for sql agent: "Permission to read the Remote Procedure Call service".  Unfortunately I get an error on the spaces in the name trying to add the account with desired state configurations.
    Tuesday, August 4, 2020 4:37 PM