This project has moved and is read-only. For the latest updates, please go here.

Previous SQL Service Accounts SQL Naming Standards Next

Software Install Account

It is Best Practice to use a dedicated account for performing software installs, fixes and upgrades.

This is because Windows local Administrator authority is required to perform a software install, but day-to-day administration of already-installed software does not need Windows local Administrator authority. The security principal of using minimum possible rights for a given task therefore mandates the use of separate accounts for software installation and administration.

All installation tasks must be performed using an account that has the following attributes:
  • Local Administrator authority on the Windows instance where SQL Server is being installed
  • Ability to update Registry entries, which can be restricted via a GPO

When an installation is performed on Windows 2008 or above, the installation should be explicitly started with the Run as Administrator option.

After SQL Server install activity has completed, the install account should be disabled within SQL Server, and only re-enabled when it is required to install SQL Server fixes or upgrades.

Copyright © 2013 - 2014 Edward Vassie. License and Acknowledgements
Previous SQL Service Accounts Top SQL Naming Standards Next

Last edited Oct 8, 2014 at 11:21 AM by EdVassie, version 4