Cluster service account permissions | SQL Server Performance Forums

SQL Server Performance Forum – Threads Archive

Cluster service account permissions

I am working on removing the BUILTINADMINISTRATORS account from our instances. I had read that the cluster service account required public access to the server in order to do an ISALIVE check. Since the cluster service account has not been directly added to the instance I assumed it is deriving permssions via the builtin account which it is in the local admin group on both nodes. I performed a test where I removed the builtin account from an instance. Since the cluster service account is not part of the instance I expected the cluster to failover to the other node when the ISALIVE check failed. I then expected it to fail back and forth as the check failed. It didn’t do anything. The instance stayed on the primary node and nothing changed. Does the cluster service account need access to the instance? Thanks
How to impede Windows NT administrators from administering a clustered instance of SQL Server
Moderator All postings are provided “AS IS” with no warranties for accuracy.

IF builtinadministrators removed then ensure to have CLuster service & SQL services has relevant admin privileges on the server. Satya SKJ
Microsoft SQL Server MVP
Writer, Contributing Editor & Moderator
This posting is provided AS IS with no rights for the sake of knowledge sharing. The greatest discovery of my generation is that a human being can alter his life by altering his attitudes of mind.
Hi, We faced siminilar issue recently. Without knowing the fact that cluster admin account need to be added to SQL Server, we have deleted builtinadministartor group. SQL Services failed to come online while failing over to other node. We have added cluster admin account to SQL Server instance and granted sa role, thus issue resolved. REgards,
Anil Kumar