2

I have changed my SQL Server services to use domain service account. The server still has NT Service\MSSQL$INSTANCENAME and NT Service\SQLAgent$INSTANCENAME listed under Security\Logins. They each have the sysadmin role granted to them. Since they are not used by the services, can I safely remove them from the Logins on the server? I have search a bit online but haven't found a good answer to this question. I just want to make sure these accounts aren't used for anything else.

Kevin Kelso
  • 95
  • 1
  • 8
  • Why don't you just remove them from the sysadmin role? Also it can be a double-edged sword because you may need certain service accounts to regain access to your server if you lose the SA password or the domain account gets removed. – Aaron Bertrand Jan 21 '15 at 16:21
  • Removing them from the 'sysadmin' role would be acceptable. I just want to make sure that there's nothing I'm missing outside of that. You make a good point for leaving the accounts there. – Kevin Kelso Jan 21 '15 at 20:24

0 Answers0