Each service in SQL Server
represents a process or a set of processes to manage authentication of SQL
Server operations with Windows. This topic describes the default configuration
of services in this release of SQL Server, and configuration options for SQL
Server services that you can set during and after SQL Server installation. This
topic helps advanced users understand the details of the service accounts.
Most services and their properties can be configured by using
SQL Server Configuration Manager. Here are the paths to the last four versions
when Windows in installed on the C drive.
SQL Server 2016
|
C:\Windows\SysWOW64\SQLServerManager13.msc
|
SQL Server 2014
|
C:\Windows\SysWOW64\SQLServerManager12.msc
|
SQL Server 2012
|
C:\Windows\SysWOW64\SQLServerManager11.msc
|
SQL Server 2008
|
C:\Windows\SysWOW64\SQLServerManager10.msc
|
Services Installed by SQL Server
Depending on the components that you decide to install, SQL Server Setup installs the following services:
- · SQL Server Database Services - The service for the SQL Server relational Database Engine. The executable file is <MSSQLPATH>\MSSQL\Binn\sqlservr.exe.
- · SQL Server Agent - Executes jobs, monitors SQL Server, fires alerts, and enables automation of some administrative tasks. The SQL Server Agent service is present but disabled on instances of SQL Server Express. The executable file is <MSSQLPATH>\MSSQL\Binn\sqlagent.exe.
- · Analysis Services - Provides online analytical processing (OLAP) and data mining functionality for business intelligence applications. The executable file is <MSSQLPATH>\OLAP\Bin\msmdsrv.exe.
- · Reporting Services - Manages, executes, creates, schedules, and delivers reports. The executable file is <MSSQLPATH>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe.
- · Integration Services - Provides management support for Integration Services package storage and execution. The executable path is <MSSQLPATH>\130\DTS\Binn\MsDtsSrvr.exe
- · SQL Server Browser - The name resolution service that provides SQL Server connection information for client computers. The executable path is c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
- · Full-text search - Quickly creates full-text indexes on content and properties of structured and semistructured data to provide document filtering and word-breaking for SQL Server.
- · SQL Writer - Allows backup and restore applications to operate in the Volume Shadow Copy Service (VSS) framework.
- · SQL Server Distributed Replay Controller - Provides trace replay orchestration across multiple Distributed Replay client computers.
- · SQL Server Distributed Replay Client - One or more Distributed Replay client computers that work together with a Distributed Replay controller to simulate concurrent workloads against an instance of the SQL Server Database Engine.
- · SQL Server Trusted Launchpad - A trusted service that hosts external executables that are provided by Microsoft, such as the R runtime installed as part of R Services (In-Database). Satellite processes can be launched by the Launchpad process but will be resource governed based on the configuration of the individual instance. The Launchpad service runs under its own user account, and each satellite process for a specific, registered runtime will inherit the user account of the Launchpad. Satellite processes are created and destroyed on demand during execution time.
- SQL Server PolyBase Engine - Provides distributed query capabilities to external data sources.
- SQL Server Polybase Data Movement Service - Enables data movement between SQL Server and External Data Sources and between SQL nodes in PolyBase Scaleout Groups.
Windows Privileges and Rights
The account assigned to start a service needs the Start, stop and pause permission for the service. The SQL Server Setup
program automatically assigns this. First install Remote Server Administration
Tools (RSAT).
The following table shows permissions that SQL Server Setup
requests for the per-service SIDs or local Windows groups used by SQL Server
components.
SQL
Server Service
|
Permissions
granted by SQL Server Setup
|
SQL Server Database Engine:
(All rights are granted to the per-service SID.
Default
instance: NT
SERVICE\MSSQLSERVER.
Named
instance: NT
SERVICE\MSSQL$InstanceName.)
|
Log on as a service (SeServiceLogonRight)
Replace a process-level token(SeAssignPrimaryTokenPrivilege) Bypass traverse checking(SeChangeNotifyPrivilege) Adjust memory quotas for a process(SeIncreaseQuotaPrivilege) Permission to start SQL Writer Permission to read the Event Log service Permission to read the Remote Procedure Call service |
SQL Server Agent: *
(All rights are granted to the per-service SID.
Default
instance: NT
Service\SQLSERVERAGENT.
Named
instance: NT
Service\SQLAGENT$InstanceName.)
|
Log on as a service (SeServiceLogonRight)
Replace a process-level token(SeAssignPrimaryTokenPrivilege) Bypass traverse checking(SeChangeNotifyPrivilege) Adjust memory quotas for a process(SeIncreaseQuotaPrivilege) |
SSAS:
(All rights are granted to a local Windows group.
Default
instance: SQLServerMSASUser$ComputerName
$MSSQLSERVER. Named instance: SQLServerMSASUser$ComputerName
$InstanceName. Power Pivot for SharePoint instance: SQLServerMSASUser$ComputerName
$PowerPivot.)
|
Log on as a service (SeServiceLogonRight)
For tabular only: Increase a process working set(SeIncreaseWorkingSetPrivilege) Adjust memory quotas for a process(SeIncreaseQuotaSizePrivilege) Lock pages in memory(SeLockMemoryPrivilege) – this is needed only when paging is turned off entirely. For failover cluster installations only: Increase scheduling priority(SeIncreaseBasePriorityPrivilege) |
SSRS:
(All rights are granted to the per-service SID.
Default
instance: NT
SERVICE\ReportServer.
Named
instance: NT
SERVICE\$InstanceName.)
|
Log on as a service (SeServiceLogonRight)
|
SSIS:
(All rights are granted to the per-service SID. Default
instance
and named instance: NT
SERVICE\MsDtsServer130.
Integration
Services does not have a separate process for a
named
instance.)
|
Log on as a service (SeServiceLogonRight)
Permission to write to application event log. Bypass traverse checking(SeChangeNotifyPrivilege) Impersonate a client after authentication(SeImpersonatePrivilege) |
Full-text search:
(All rights are granted to the per-service SID.
Default
instance: NT
Service\MSSQLFDLauncher.
Named
instance: NT Service\
MSSQLFDLauncher$InstanceName.)
|
Log on as a service (SeServiceLogonRight)
Adjust memory quotas for a process(SeIncreaseQuotaPrivilege) Bypass traverse checking(SeChangeNotifyPrivilege) |
SQL Server Browser:
(All rights are granted to a local Windows group.
Default
or named instance: SQLServer2005SQLBrowserUser$ComputerName.
SQL
Server Browser does not have a separate process for
a
named instance.)
|
Log on as a service (SeServiceLogonRight)
|
SQL Server VSS Writer:
(All rights are granted to the per-service SID. Default or named instance: NT Service\SQLWriter.
SQL
Server VSS Writer does not have a separate process
for
a named instance.)
|
The
SQLWriter service runs under the LOCAL SYSTEM account which has all the
required permissions. SQL Server setup does not check or grant permissions
for this service.
|
SQL Server Distributed Replay Controller:
|
Log on as a service (SeServiceLogonRight)
|
SQL Server Distributed Replay Client:
|
Log on as a service (SeServiceLogonRight)
|
PolyBase Engine and DMS
|
Log on as a service (SeServiceLogonRight)
|
Launchpad:
|
Log on as a service (SeServiceLogonRight)
Replace a process-level token(SeAssignPrimaryTokenPrivilege) Bypass traverse checking(SeChangeNotifyPrivilege) Adjust memory quotas for a process(SeIncreaseQuotaPrivilege) |
R Services: SQLRUserGroup
|
Allow Log on locally
|
*The
SQL Server Agent service is disabled on instances of SQL Server Express.
etc..
For More information please refer below link.
No comments:
Post a Comment