I am trying to get a CMDEXEC Proxy account working on Server 2008 R2 / SQL Server 2008 R2, and because I am working on a tightly locked down network / domain, I need to set the minimum level of rights possible.
Right now when I try to use a proxy with the SQL Agent running with a Domain service account, the attempt fails. If I set the Agent service account to Local Network, the proxy works fine.
What has now confused me is, in comparing the new server to an existing system (Server 2003 / SQL 2005,) neither of them give the Agent account the "Replace a process level token" privilege, yet the 03/05 system works. I have found that if I give the Agent account the "Replace a process..." privilege, the proxy account then works. I'd like to confirm that this is required, so I can go to the network security people to have the service account granted the required privileges.
I found this MSDN article which lists what privileges the install process grants the various SQL services.
I was also linked to this CodePlex article on creating the proxy accounts.
Thanks all,
Jason A.
Jason A.