{"id":31884,"date":"2024-03-18T11:55:10","date_gmt":"2024-03-18T10:55:10","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/?p=31884"},"modified":"2024-04-11T10:46:00","modified_gmt":"2024-04-11T08:46:00","slug":"sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/","title":{"rendered":"SQL Server Security: Ensure that SQL Server service accounts are not a member of the Windows local Administrator group"},"content":{"rendered":"\n<p>These last few weeks, I have been working on a project to check the compliance of an instance with the <a href=\"https:\/\/www.cisecurity.org\/\">Center for Internet Security (CIS) document.<\/a><\/p>\n\n\n\n<p>The Benchmark documentation provides prescriptive guidance to secure SQL Server, and I am developing a tool that runs a security audit automatically following these recommendations.<\/p>\n\n\n\n<p>In the Authentication and Authorization chapter, you have three sub-chapters:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Ensure the SQL Server\u2019s MSSQL Service Account is not an Administrator<\/li>\n\n\n\n<li>Ensure the SQL Server\u2019s SQLAgent Service Account is not an Administrator<\/li>\n\n\n\n<li>Ensure the SQL Server\u2019s Full-Text Service Account is not an Administrator<\/li>\n<\/ul>\n\n\n\n<p>These three services should not be members of the Windows Administrators group.<\/p>\n\n\n\n<p>This is also why \u201cNT Authority\\System\u201d should not be used as a service account for SQL Server\u2026<\/p>\n\n\n\n<p>I searched for a way to do it automatically and found one with PowerShell. 
It was not easy, and I believe it is worth sharing.<\/p>\n\n\n\n<p>The first step is to find these services for an instance.<\/p>\n\n\n\n<p>I use <a href=\"https:\/\/learn.microsoft.com\/en-us\/powershell\/module\/microsoft.powershell.management\/get-wmiobject?view=powershell-5.1\">Get-WmiObject<\/a> and the class Win32_Service in a simple request like this:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Database Engine service; '*MSSQL*' alone would also match the full-text launcher (MSSQLFDLauncher)\r\n$MSSQL_Services = Get-WmiObject -Class Win32_Service | where {$_.Name.ToUpper() -like '*MSSQL*' -and $_.Name -notlike '*FDLauncher*'}\r\n# SQL Server Agent service of a named instance; a default instance uses SQLSERVERAGENT, which this pattern does not match\r\n$Agent_Services = Get-WmiObject -Class Win32_Service | where {$_.Name.ToUpper() -like '*SQLAgent*'}\r\n# Full-text filter daemon launcher service\r\n$FullText_Services = Get-WmiObject -Class Win32_Service | where {$_.Name.ToUpper() -like '*MSSQLFDLauncher*'}\r\n<\/code><\/pre>\n\n\n\n<p>If you have multiple instances on the same server, you can add a filter on the instance name as follows:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$Instance = '&lt;instance_name&gt;'\r\n# The instance name appears in the DisplayName of each service\r\n$Inst = '*'+$Instance+'*'\r\n$MSSQL_Services = Get-WmiObject -Class Win32_Service | where {$_.Name.ToUpper() -like '*MSSQL*' -and $_.Name -notlike '*FDLauncher*'} | where {$_.DisplayName.ToUpper()-like $Inst }\r\n$Agent_Services = Get-WmiObject -Class Win32_Service | where {$_.Name.ToUpper() -like '*SQLAgent*'} | where {$_.DisplayName.ToUpper()-like $Inst }\r\n$FullText_Services = Get-WmiObject -Class Win32_Service | where {$_.Name.ToUpper() -like '*MSSQLFDLauncher*'} | where {$_.DisplayName.ToUpper()-like $Inst }\r\n<\/code><\/pre>\n\n\n\n<p>The second step is to find out whether these services are in the local Administrators group.<\/p>\n\n\n\n<p>To find the members of a local group, use the cmdlet <a href=\"https:\/\/learn.microsoft.com\/en-us\/powershell\/module\/microsoft.powershell.localaccounts\/get-localgroupmember?view=powershell-5.1\">Get-LocalGroupMember<\/a><\/p>\n\n\n\n<p>Then, for each service, add a where clause; the result tells us whether the service is in the local Administrators group or not:<\/p>\n\n\n\n<pre 
class=\"wp-block-code\"><code>Get-LocalGroupMember -Name 'Administrators' | where{$_.Name -like $MSSQL_Services}\r\nGet-LocalGroupMember -Name 'Administrators' | where{$_.Name -like $Agent_Services}\r\nGet-LocalGroupMember -Name 'Administrators' | where{$_.Name -like $FullText_Services} \r\n\n<\/code><\/pre>\n\n\n\n<p>If I leave the script like this, it will not work. The three variables will have only the name of the service without the domain or \u201cNT SERVICE\u201d. To find the service in the local Administrators group, we need to adapt the script with wildcards:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Wrap each service name in wildcards so it matches whatever prefix the group member name carries\r\n$MSSQL_Services_local = $MSSQL_Services.name\r\n$MSSQL_Services_local = \"*$MSSQL_Services_local*\"\r\n\r\nGet-LocalGroupMember -Name 'Administrators' | where{$_.Name -like $MSSQL_Services_local}\r\n\r\n$Agent_Services_local = $Agent_Services.name\r\n$Agent_Services_local = \"*$Agent_Services_local*\"\r\nGet-LocalGroupMember -Name 'Administrators' | where{$_.Name -like $Agent_Services_local}\r\n\r\n$FullText_Services_local = $FullText_Services.name\r\n$FullText_Services_local = \"*$FullText_Services_local*\"\r\nGet-LocalGroupMember -Name 'Administrators' | where{$_.Name -like $FullText_Services_local}\r\n<\/code><\/pre>\n\n\n\n<p>To finish, and to avoid searching for nothing, a small null-or-empty check can be added for each service:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>if (-not (&#091;string]::IsNullOrEmpty($MSSQL_Services)))\r\n{\r\n$MSSQL_Services_local = $MSSQL_Services.name\r\n$MSSQL_Services_local = \"*$MSSQL_Services_local*\"\r\nGet-LocalGroupMember -Name 'Administrators' | where{$_.Name -like $MSSQL_Services_local}\r\n}\r\nif (-not (&#091;string]::IsNullOrEmpty($Agent_Services)))\r\n{\r\n$Agent_Services_local = $Agent_Services.name\r\n$Agent_Services_local = \"*$Agent_Services_local*\"\r\nGet-LocalGroupMember -Name 'Administrators' | where{$_.Name -like $Agent_Services_local}\r\n}\r\nif (-not 
(&#091;string]::IsNullOrEmpty($FullText_Services)))\r\n{\r\n$FullText_Services_local = $FullText_Services.name\r\n$FullText_Services_local = \"*$FullText_Services_local*\"\r\nGet-LocalGroupMember -Name 'Administrators' | where{$_.Name -like $FullText_Services_local} \r\n}\r\n\r\n<\/code><\/pre>\n\n\n\n<p>In my example below to illustrate my script, I have a named instance INST01 with the engine and the agent. I put the Agent Service in the local administrator group:<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"939\" height=\"502\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-29.png\" alt=\"\" class=\"wp-image-31886\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-29.png 939w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-29-300x160.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-29-768x411.png 768w\" sizes=\"auto, (max-width: 939px) 100vw, 939px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"939\" height=\"597\" src=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-30.png\" alt=\"\" class=\"wp-image-31887\" srcset=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-30.png 939w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-30-300x191.png 300w, https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-30-768x488.png 768w\" sizes=\"auto, (max-width: 939px) 100vw, 939px\" \/><\/figure>\n\n\n\n<p>Of course, at the end I give you the complete script:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$Instance = 'INST01'\r\n$Inst = '*'+$Instance+'*'\r\n$MSSQL_Services = Get-WmiObject -Class Win32_Service | where {$_.Name.ToUpper() -like 
'*MSSQL*' -and $_.Name -notlike '*FDLauncher*'} | where {$_.DisplayName.ToUpper()-like $Inst }\r\n$Agent_Services = Get-WmiObject -Class Win32_Service | where {$_.Name.ToUpper() -like '*SQLAgent*'} | where {$_.DisplayName.ToUpper()-like $Inst }\r\n$FullText_Services = Get-WmiObject -Class Win32_Service | where {$_.Name.ToUpper() -like '*MSSQLFDLauncher*'} | where {$_.DisplayName.ToUpper()-like $Inst }\r\n\r\n\r\nif (-not (&#091;string]::IsNullOrEmpty($MSSQL_Services)))\r\n{\r\n$MSSQL_Services_local = $MSSQL_Services.name\r\n$MSSQL_Services_local = \"*$MSSQL_Services_local*\"\r\nGet-LocalGroupMember -Name 'Administrators' | where{$_.Name -like $MSSQL_Services_local}\r\n}\r\nif (-not (&#091;string]::IsNullOrEmpty($Agent_Services)))\r\n{\r\n$Agent_Services_local = $Agent_Services.name\r\n$Agent_Services_local = \"*$Agent_Services_local*\"\r\nGet-LocalGroupMember -Name 'Administrators' | where{$_.Name -like $Agent_Services_local}\r\n}\r\nif (-not (&#091;string]::IsNullOrEmpty($FullText_Services)))\r\n{\r\n$FullText_Services_local = $FullText_Services.name\r\n$FullText_Services_local = \"*$FullText_Services_local*\"\r\nGet-LocalGroupMember -Name 'Administrators' | where{$_.Name -like $FullText_Services_local}\r\n}\r\n<\/code><\/pre>\n\n\n\n<p>There is always room for improvement (adding a list of servers to verify, reading the CMS), but this blog post gives you a start.<\/p>\n\n\n\n<p>Don\u2019t hesitate to come back to us if you need to test and see your compliance with the CIS document. <\/p>\n\n\n\n<p>We can help you!\u00a0 \ud83d\ude09<\/p>\n","protected":false},"excerpt":{"rendered":"<p>These last few weeks, I have been working on a project to check the compliance of an instance with the Center for Internet Security (CIS) document. The Benchmark documentation provides prescriptive guidance to secure SQL Server, and I am developing a tool that runs a security audit automatically following these recommendations. 
On the Authentication and Authorization Chapter, you [&hellip;]<\/p>\n","protected":false},"author":15,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[229,198,149,99],"tags":[49,51],"type_dbi":[2874],"class_list":["post-31884","post","type-post","status-publish","format-standard","hentry","category-database-administration-monitoring","category-database-management","category-security","category-sql-server","tag-microsoft","tag-sql-server","type-sql-server"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.2 (Yoast SEO v27.2) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>SQL Server Security: Ensure that SQL Server service accounts are not a member of the Windows local Administrator group - dbi Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SQL Server Security: Ensure that SQL Server service accounts are not a member of the Windows local Administrator group\" \/>\n<meta property=\"og:description\" content=\"These last few weeks, I work on a project to check the compliance of an instance with the Center for Internet Security (CIS) document. The Benchmark documentation provides prescriptive guidance to secure SQL Server and I develop a tool to do a security audit automatically following these recommendations. 
On the Authentication and Authorization Chapter, you [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-18T10:55:10+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-11T08:46:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-29.png\" \/>\n<meta name=\"author\" content=\"St\u00e9phane Haby\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"St\u00e9phane Haby\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/\"},\"author\":{\"name\":\"St\u00e9phane Haby\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/d0bfb7484ae81c8980fc2b11334f803b\"},\"headline\":\"SQL Server Security: Ensure that SQL Server service accounts are not a member of the Windows local Administrator 
group\",\"datePublished\":\"2024-03-18T10:55:10+00:00\",\"dateModified\":\"2024-04-11T08:46:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/\"},\"wordCount\":439,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-29.png\",\"keywords\":[\"Microsoft\",\"SQL Server\"],\"articleSection\":[\"Database Administration &amp; Monitoring\",\"Database management\",\"Security\",\"SQL Server\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/\",\"name\":\"SQL Server Security: Ensure that SQL Server service accounts are not a member of the Windows local Administrator group - dbi 
Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-29.png\",\"datePublished\":\"2024-03-18T10:55:10+00:00\",\"dateModified\":\"2024-04-11T08:46:00+00:00\",\"author\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/d0bfb7484ae81c8980fc2b11334f803b\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/#primaryimage\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-29.png\",\"contentUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-29.png\",\"width\":939,\"height\":502},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"positio
n\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.dbi-services.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SQL Server Security: Ensure that SQL Server service accounts are not a member of the Windows local Administrator group\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/d0bfb7484ae81c8980fc2b11334f803b\",\"name\":\"St\u00e9phane Haby\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/1123227ca39a5dca608c0f72d23cd1904fee29979749bbb3a485b9438436c553?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1123227ca39a5dca608c0f72d23cd1904fee29979749bbb3a485b9438436c553?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1123227ca39a5dca608c0f72d23cd1904fee29979749bbb3a485b9438436c553?s=96&d=mm&r=g\",\"caption\":\"St\u00e9phane Haby\"},\"description\":\"St\u00e9phane Haby has more than ten years of experience in Microsoft solutions. He is specialized in SQL Server technologies such as installation, migration, best practices, and performance analysis etc. He is also an expert in Microsoft Business Intelligence solutions such as SharePoint, SQL Server and Office. Futhermore, he has many years of .NET development experience in the banking sector and other industries. In France, he was one of the first people to have worked with Microsoft Team System. He has written several technical articles on this subject. 
St\u00e9phane Haby is Microsoft Most Valuable Professional (MVP) as well as Microsoft Certified Solutions Associate (MCSA) and\u00a0Microsoft Certified Solutions Expert (MCSE) for SQL Server 2012. He is also Microsoft Certified Technology Specialist (MCTS) and Microsoft Certified IT Professional (MCITP) for SQL Server 2008 as well as ITIL Foundation V3 certified. He holds a Engineer diploma in industrial computing and automation from France. His branch-related experience covers Chemicals &amp; Pharmaceuticals, Banking \/ Financial Services, and many other industries.\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/author\/stephane-haby\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SQL Server Security: Ensure that SQL Server service accounts are not a member of the Windows local Administrator group - dbi Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/","og_locale":"en_US","og_type":"article","og_title":"SQL Server Security: Ensure that SQL Server service accounts are not a member of the Windows local Administrator group","og_description":"These last few weeks, I work on a project to check the compliance of an instance with the Center for Internet Security (CIS) document. The Benchmark documentation provides prescriptive guidance to secure SQL Server and I develop a tool to do a security audit automatically following these recommendations. 
On the Authentication and Authorization Chapter, you [&hellip;]","og_url":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/","og_site_name":"dbi Blog","article_published_time":"2024-03-18T10:55:10+00:00","article_modified_time":"2024-04-11T08:46:00+00:00","og_image":[{"url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-29.png","type":"","width":"","height":""}],"author":"St\u00e9phane Haby","twitter_card":"summary_large_image","twitter_misc":{"Written by":"St\u00e9phane Haby","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/"},"author":{"name":"St\u00e9phane Haby","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/d0bfb7484ae81c8980fc2b11334f803b"},"headline":"SQL Server Security: Ensure that SQL Server service accounts are not a member of the Windows local Administrator group","datePublished":"2024-03-18T10:55:10+00:00","dateModified":"2024-04-11T08:46:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/"},"wordCount":439,"commentCount":0,"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-29.png","keywords":["Microsoft","SQL 
Server"],"articleSection":["Database Administration &amp; Monitoring","Database management","Security","SQL Server"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/","url":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/","name":"SQL Server Security: Ensure that SQL Server service accounts are not a member of the Windows local Administrator group - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/#primaryimage"},"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-29.png","datePublished":"2024-03-18T10:55:10+00:00","dateModified":"2024-04-11T08:46:00+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/d0bfb7484ae81c8980fc2b11334f803b"},"breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-ar
e-not-a-member-of-the-windows-local-administrator-group\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/#primaryimage","url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-29.png","contentUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2024\/03\/image-29.png","width":939,"height":502},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/sql-server-security-ensure-that-sql-server-service-accounts-are-not-a-member-of-the-windows-local-administrator-group\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"SQL Server Security: Ensure that SQL Server service accounts are not a member of the Windows local Administrator group"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/d0bfb7484ae81c8980fc2b11334f803b","name":"St\u00e9phane 
Haby","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/1123227ca39a5dca608c0f72d23cd1904fee29979749bbb3a485b9438436c553?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/1123227ca39a5dca608c0f72d23cd1904fee29979749bbb3a485b9438436c553?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1123227ca39a5dca608c0f72d23cd1904fee29979749bbb3a485b9438436c553?s=96&d=mm&r=g","caption":"St\u00e9phane Haby"},"description":"St\u00e9phane Haby has more than ten years of experience in Microsoft solutions. He is specialized in SQL Server technologies such as installation, migration, best practices, and performance analysis etc. He is also an expert in Microsoft Business Intelligence solutions such as SharePoint, SQL Server and Office. Futhermore, he has many years of .NET development experience in the banking sector and other industries. In France, he was one of the first people to have worked with Microsoft Team System. He has written several technical articles on this subject. St\u00e9phane Haby is Microsoft Most Valuable Professional (MVP) as well as Microsoft Certified Solutions Associate (MCSA) and\u00a0Microsoft Certified Solutions Expert (MCSE) for SQL Server 2012. He is also Microsoft Certified Technology Specialist (MCTS) and Microsoft Certified IT Professional (MCITP) for SQL Server 2008 as well as ITIL Foundation V3 certified. He holds a Engineer diploma in industrial computing and automation from France. 
His branch-related experience covers Chemicals &amp; Pharmaceuticals, Banking \/ Financial Services, and many other industries.","url":"https:\/\/www.dbi-services.com\/blog\/author\/stephane-haby\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/31884","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=31884"}],"version-history":[{"count":3,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/31884\/revisions"}],"predecessor-version":[{"id":31890,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/31884\/revisions\/31890"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=31884"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=31884"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=31884"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=31884"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}