Service Configuration Options
There are two configuration options for the SQL Agent service logon:
- Run the Service as the Local System Account.
- Run the Service as a Windows Domain User
Selection of the logon type affects the security, network access, and performance of the SQL Agent.
SMA Technologies recommends running the agent as Local System because it is the only way for the agent to have all of the system level privileges needed. Access for UNC paths and shared drives must be managed through the user account running the job and through startup scripts defined in the SQLAgent.ini file. In this mode, be sure to select a Windows User account from your network for the Windows User Id in the Job Definitions in the Enterprise Manager.
For information on configuring mapped network drives in the SQLAgent.ini file, refer to Using the InitializationScript and TerminationScript. For information on entering a Windows User, refer to Adding a Batch User for SQL in the Enterprise Manager online help.
Run the SQL Agent as the Local System Account
The Local System Account must have the following advanced Windows privileges:
- Act as part of the operating system
- Adjust memory quotas for a process
- Log on as a service
- Log on as a batch job
- Replace a process-level token
Configure the SQL Agent to Run as a Local System Account
- Use menu path: Start > Control Panel.
- Double-click the Administrative Tools icon.
- Double-click the Services icon to run the Service Control Manager.
- Double-click the agent in the Services list.
- If not selected already, select Automatic (Delayed Start) from the Startup Type drop-down list.
- Click the Log On tab.
- Click Local System account radio button.
- Click OK.
- Close ☒ the Services window.
Run the SQL Agent as a Windows Domain User
SMA Technologies strongly recommends running as Local System Account.
The domain user must have the following:
- Membership in the local Administrators group
- The following advanced Windows privileges:
- Act as part of the operating system
- Adjust memory quotas for a process
- Log on as a service
- Log on as a batch job
- Replace a process-level token
This user must have logged on to this machine before trying to start the service. The initial login creates a Windows user profile required by the SQL Agent running as a Domain User.
Please refer to the Domain Administrator about acquiring the appropriate privileges.
Add Advanced Windows Privileges
- Use menu path: Start > Control Panel.
- Double-click the Administrative Tools icon.
- Double-click the Local Security Policy icon to run the Local security settings editor.
- Double-click the Local Policies under Security Settings and select User Rights Assignment.
- Double-click on each privilege from the list above and click on Add User Or Group button.
- In the Select Users Or Groups dialog box, click on Locations and select the machine or domain depending upon whether adding a Local user or a Domain user.
- In the object name text box, enter the name of the user. For adding Local System Account choose the current machine. In the object name text box, enter SYSTEM.
- Repeat steps 6 and 7 for each privilege.
Configure the SQL Agent to Run as a Domain User
- Use menu path: Start > Control Panel.
- Double-click the Administrative Tools icon.
- Double-click the Services icon to run the Service Control Manager.
- Double-click the agent in the Services list.
- If not selected already, select Automatic (Delayed Start) from the Startup Type drop-down list.
- Click the Log On tab.
- Click This account radio button.
- Click Browse to find the Domain User.
- Click the Domain User.
- Click OK.
- Enter the password in the Password field.
- Re-enter the password in the Confirm Password field.
- Click OK.
- Close ☒ the Services window.