Is it best practice to run the MSSQL2012 service using an active directory domain account instead of the default (local computer service account)?
My understanding of Windows Server security and general security is that I should give the AD user only the exact permissions necessary (instead of just giving it blanket permissions like putting it into the Domain Admins Security Group). What are the actual permissions required for said AD user account for running the service and SQL to be able to correctly run?
One of the errors I keep getting is that the servicenameprotocol isn't registering, I've been through all the KB's and none of the answers solve my problem (I've done all the manual setSPN.exe commands, I've given permission on the 'read serviceprincipalname' and 'write serviceprincipalname' fields). When I give the service account Domain Admin permissions, the error goes away therefore I know that this is a permissions issue for the AD user account.
Cheers,
Jeff
- Edited by AgilityJeffG 5 hours 17 minutes ago