Security Policy for SQL Server(secpol.msc)

After SQL Server Setup has been performed, it is necessary to make some settings in Security Policy in Windows for the performance of SQL Server. We have explained these settings in our different articles. In this article, we will make configurations related to Security Policy.

We write secpol.msc and press enter on Search.

Under Security Settings, we expand Account Policies and Local Polices as shown below.

Under Account Policies, you must make the necessary configurations for Password Policy and Account Lockout Policy. You can find detailed information in “SQL Server Password Policy” and “SQL Server Account Lockout Policy”.

Under Local Policies, click User Rights Assignment. Here are the configurations we need to do.

Lock Pages In Memory:

You can access detailed information in my article “Numa Nodes, MAX / MIN Server Memory, Lock Pages In Memory, MAXDOP“.

Log on as a batch job:

When an operation over windows is required through SQL Server, the account that the sql server uses will need to be defined here (for example, running a bat file that contains some scripts).

If you define this as a job, you must define the sql server agent account here. If you are going to run the job with a proxy, you must define the account for that credential.

You may be interested in the article “Run Your Jobs With a Proxy Account“.

Log on as a service:

For an application on Windows to run as a service, the account used by the application to be run as a service must be defined here. That’s why we need to define the sql server service account and the sql server agent service account here.

Perform volume maintenance tasks:

An operation that will speed up SQL Server. You can find details about this setting in my article “Instant File Initialization(Restore or Allocate Disk Space Faster)“.