SQL Server service Account type

Each service in SQL Server represents a process or set of processes, and each process requires access to SQL Server-related files (such as. mdf,. ndf, and. LDF, and so on) or the registry or the SQL Server installation directory. These services need to be loaded before the login interface is displayed. In order for the SQL Server service to start and run properly in the operating system, you need to specify the SQL Server service account to start and get permissions to access the operating system files. So the service account refers to the account in the Windows operating system.

The service account types in SQL Server 2008 are divided into " built-in system accounts" and "domain user accounts" that do not have Windows administrator privileges , and "built-in system accounts" are subdivided into three types of "Local system accounts", "Network Service Accounts", and "Local Service accounts".

　　1. Local System : is a built-in account with high privileges. This account does not have credentials such as user name and password, if the machine is in the domain, then the service running under the Local System account can also use the machine account to obtain the automatic authentication of other machines in the same forest, and it can use the null session to access network resources. The actual name of the account is "NT authority\system".
　　2. Network Service : It has more access to resources and objects than members of the Users group. A service running as the Network Service account accesses network resources using the credentials of the computer account. The actual name of the account is "NT authority\network SERVICE".

　　3. Local Service : The account is a pre-defined, locally-owned account with the same level of access to resources and objects as a member of the Users group, and the process under that account can only access network resources in a null session without credentials. This limited access helps protect the security of your system if individual services or processes are compromised. Note that the Local service account is not supported by SQL Server or the SQL Server Agent service. The actual name of the account is "NT authority\local SERVICE".

domain user account is a domain user account that uses Windows authentication to set up and connect to SQL Server. Microsoft recommends that you use a domain user account with the least privilege for the SQL Server service because the SQL Server service does not require administrator account privileges. If the service must interact with the network service, access a domain resource similar to the file share, or use a domain account with the least privilege if the service uses a linked server connection to another computer that is running SQL Server. Many server-to-server activities can only be performed by using a domain user account. This account should be pre-created by the domain administrator within your environment.

SQL Server service Account type