Gents, Can you please explain new security principals in MS SQL 2008 R2.
I tried to change accounts for SQL services. I opened "SQL Server Configuration Manager", chose SQL Server Agent and changed log on account as domain account.
But I don't see changes in local SQL groups (SQLServer*$server-name$MSSQLSERVER). I see the same strange security principals (groups) like "NT SERVICE\SQLSERVERAGENT" which included into local SQL groups.
Can anyone explain, what does mean these security principals (SP) ?
How real domain accounts are associated to these SP ?
ps. I don't see this behavior in SQL 2008 (no R2). The specific domain account is added into SQL group.
pps. Why I have this question. I tried to connect SQL DB. ACL for DB files was strong, only local SQL server group had full control for DB files. SQL server couldn't open DB ;-/ Full control for everyone is fixed this issues, but it's not ok for me.
View Complete Post