Hello
Can you let me know an easy method to change the MSSQLSERVER Service Startup Account from NT Service\MSSQLSERVER to a custom Windows account in 2016 version ? Here are my requirements.
1) Create a new Windows O.S account called sqlserver_owner.
2) But do Not make it part of the administrators group.
3) Create an SQL Server login principle with SYSADMIN fixed server role for this sqlserver_owner account.
I went to SQL Server configuration manager and chosen the SQL Server (MSSQLSERVER) account => right click and tried to change from NT Service\MSSQLSERVER to sqlserver_owner. It changed it.
4) Now when i login to the Windows server using sqlserver_owner, i am not able to stop and start this service. When i try from windows component services, the stop and start buttons are greyed out. When i try to click on SSMS => right click => restart , it asks for Administrator's password.
Basically, i would like to use a custom Windows login name as the MSSQLSERVER service owner, but not make it part of Windows administrators group. Is it not possible in SQL server 2016 version ?
For audit compliance databases, i do not want to make it part of Windows administrators group for segregation of duties. The DBA login should not be part of Windows administrators group
I have seen this article https://msdn.microsoft.com/en-us/library/ms143504.aspx , but it has several steps and a series of permissions to be granted to sqlserver_owner to make it equal in nature to NT Service\MSSQLSERVER . But that is very lengthy and I hoping for a simple solution.
In older versions such as 2008, all that i had to do was add to SQLServerMSSQLUser$ComputerName$InstanceName and SQLServerSQLAgentUser$ComputerName$InstanceName groups.
-Srini