After sql server 2012 installation, I attached my production db. Because of some reasons, i changed sql engine account from network service user to system user by means of sql server configuration manager.
Now , there isn’t a problem at sql server running system. ButI have doubts that this can produce problems later. Because sql server database engine account must have privileges that listed below;
- Log on as a service (SeServiceLogonRight)
- Replace a process-level token (SeAssignPrimaryTokenPrivilege)
- Bypass traverse checking (SeChangeNotifyPrivilege)
- Adjust memory quotas for a process (SeIncreaseQuotaPrivilege)
- Permission to start SQL Writer
- Permission to read the Event Log service
- Permission to read the Remote Procedure Call service
While sql server installation, setup gives these privileges to network service user automatically, but changing user by means of sql confugarition manager does not give these privileges.
Now, system user has privileges listed below. And sql server has been running for 1,5 months without any problems.
- Log on as a service (SeServiceLogonRight)
- Bypass traverse checking (SeChangeNotifyPrivilege) (Everyone user has his privileges. So i think that system user has this privilege also)
What problems can occur because of this situation? Shall i give other privileges to system user and restart sql server or not? And how can i give these privileges to system user listed below;
- Replace a process-level token ( this can be set from user rights assignments)
- Adjust memory quotas for a process (this can be set from user rights assignments)
- Permission to start SQL Writer ( ? - give advice )
- Permission to read the Event Log service (? - give advice )
- Permission to read the Remote Procedure Call service (? - give advice )