| title | Server Configuration - Service Accounts | Microsoft Docs | |
|---|---|---|
| ms.custom | ||
| ms.date | 03/06/2017 | |
| ms.prod | sql-server-2014 | |
| ms.reviewer | ||
| ms.technology | database-engine | |
| ms.topic | conceptual | |
| f1_keywords |
|
|
| ms.assetid | c283702d-ab20-4bfa-9272-f0c53c31cb9f | |
| author | mashamsft | |
| ms.author | mathoma | |
| manager | craigg |
Use the Server Configuration page of the [!INCLUDEssNoVersion] Installation Wizard to assign login accounts to [!INCLUDEssNoVersion] services. The actual services configured on this page depend on the features you have selected to install.
Startup accounts used to start and run [!INCLUDEssNoVersion] can be domain user accounts, local user accounts, managed service accounts, virtual accounts, or built-in system accounts.
You can assign the same login account to all [!INCLUDEssNoVersion] services, or you can configure each service account individually. You can also specify whether services start automatically, are started manually, or are disabled. The default account is recommended for most installations.
On Windows 7 and [!INCLUDEnextref_longhorn] R2 most accounts default to a virtual account.
If you configure services to use domain accounts, [!INCLUDEmsCoName] recommends that you configure service accounts individually to provide least privileges for each service, where [!INCLUDEssNoVersion] services are granted the minimum permissions they need to complete their tasks. For more information including descriptions of the types of accounts, see Configure Windows Service Accounts and Permissions.
Configure [!INCLUDEssNoVersion] service accounts individually (recommended)
Use the grid to provision each [!INCLUDEssNoVersion] service with a logon user name and password, and to set the startup type for the service. You can use built-in system accounts, a local account, local group, domain group, or domain user accounts for [!INCLUDEssNoVersion] services.
Select any of the following services to customize its settings.
| Select this service | To configure authentication settings for |
|---|---|
| [!INCLUDEssNoVersion] Agent | The service that executes jobs, monitors, [!INCLUDEssNoVersion], and allows automation of administrative tasks. There is no default logon account for this service. The default startup type is Manual. |
| [!INCLUDEssDEnoversion] | The default startup type is Automatic. |
| [!INCLUDEssASnoversion] | The default startup type is Automatic. For SharePoint integrated mode, you must specify a Windows domain user account. The account you specify is used for the [!INCLUDEssASnoversion] service. The account you specify for the current instance must also be used for any additional [!INCLUDEssASnoversion] instances that you subsequently add to the same farm. |
| [!INCLUDEssRSnoversion] | Service accounts are used to configure a report server database connection. Choose the built-in network service if you want to use default authentication settings. If you specify a domain user account, be sure to register a service principle name (SPN) for it if you are using Windows Authentication on the report server. For more information, see Configure Windows Authentication on the Report Server. The default startup type is Automatic. |
| [!INCLUDEssISnoversion] | [!INCLUDEssISnoversion] is a set of graphical tools and programmable objects for moving, copying, and transforming data. The default startup type is Automatic. |
| [!INCLUDEssNoVersion] Distributed Replay Client | The service account used for the Distributed Replay client service. Provide an account in which to run the Distributed Replay client service. This account should be different from the account that you use for the [!INCLUDEssNoVersion] service. The default startup type is Manual. |
| [!INCLUDEssNoVersion] Distributed Replay Controller | The service account used for the Distributed Replay controller service. Provide an account in which to run the Distributed Replay controller service. This account should be different from the account that you use for the [!INCLUDEssNoVersion] service. The default startup type is Manual. |
| [!INCLUDEssNoVersion] Full-text Filter Daemon Launcher | The service that creates the fdhost.exe processes. This is required to host the word breakers and filters that process textual data for full-text indexing. If you provide a domain account in which to run the FDHOST Launcher service, we highly recommend that you use a low privilege account. This account should be different from the account that you use for the [!INCLUDEssNoVersion] service. |
| [!INCLUDEssNoVersion] Browser | [!INCLUDEssNoVersion] Browser is the name resolution service that provides [!INCLUDEssNoVersion] connection information to client computers. This service is shared across multiple [!INCLUDEssNoVersion] and [!INCLUDEssISnoversion] instances. The default logon account is NT Authority\Local service and cannot be changed during [!INCLUDEssNoVersion] setup. You can change the account after the setup has been completed. If the startup type is not specified during setup, it is determined as follows: [!INCLUDEssNoVersion] Browser is set to Automatic and running in the installation scenarios described below: - [!INCLUDEssNoVersion] failover cluster instance - Named instance of [!INCLUDEssNoVersion] where TCP or NP is enabled - Named instance of Analysis Server and is not clustered If none of the above scenarios apply, and [!INCLUDEssNoVersion] Browser is already installed, the current state of [!INCLUDEssNoVersion] Browser will be maintained. The startup type is set to Disabled and stopped if there is not an existing instance of an older [!INCLUDEssNoVersion] version prior to the installation. |