Microsoft KB Archive/332100

= SQL Server Desktop Engine Runs Under the Local System Account =

Article ID: 332100

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Internet Information Server 1.01
 * Microsoft Internet Information Services 6.0

-



This article was previously published under Q332100



Bug #: 634621 (Windows Bugs)



SUMMARY
SQL Server Desktop Engine (also known as MSDE 2000) runs under the MSSQLServer service and SQL Server Agent. By default, the SQLServer service and SQL Server Agent are configured to run under the local system account.



MORE INFORMATION
When the Web Application Server role includes a SQL Server Desktop Engine component, the logon account for MSSQL$WEBDB MSDE is the local system account. This information is reported in the Services.msc file. Microsoft recommends that you run the MSSQLServer service, SQL Server Agent, and SQL Server Desktop Engine under a Microsoft Windows NT account, not under the local system account.

The Windows NT account should have the following Windows rights:
 * Bypass traverse checking
 * Increase quotas
 * Lock pages in memory
 * Log on as a batch job
 * Log on as a service
 * Replace a Process Level Token
 * Act as part of the operating system

The Windows NT account should have Full Control permissions for the startup account for the MSSQLServer service on the NTFS file system folders. This account should be a local Windows NT account or a domain Windows NT account. One example of an instance name is WEBDB: D:\Program Files\Microsoft SQL Server\MSSQL$WEBDB\. The subfolders and files must also have the same NTFS permissions.

The Windows NT account should have the following registry key permissions. Set Full Control permissions for the startup account for the MSSQLServer service on the following registry keys for a named instance WEBDB:
 * HKEY_LOCAL_MACHINE\Software\Clients\Mail
 * HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft SQL Server\80
 * HKEY_LOCAL_MACHINE\Software\Microsoft\Microsoft SQL Server\MSSQL$WEBDB\
 * HKEY_LOCAL_MACHINE\Software\Microsoft\MSDTC
 * HKEY_LOCAL_MACHINE\Software\Microsoft\Search

Note The startup account should be a local Windows NT account or a domain Windows NT account.

To change the logon account for SQL Server Desktop Engine from Services, right-click the MSSQL$WEBDB service. To configure a local account or a domain account that is only assigned permissions to access database and Web content, click the Log On tab in the MSSQL$WEBDB Service dialog box, click This account, and then type the user name and password information.

Keywords: kbinfo kbprb kbpending KB332100

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.