The MSSQL Service Account name should own the MS-SQL Service
The service account (in case of a local or AD account) and service SID should not be members of the Windows Administrators group.
SQL2008
(TODO Needs additional info)
New-ADUser -Name "SQL01_SVC" -Enabled $True -AccountPassword (ConvertTo-SecureString -AsPlainText "InitialPassword!!!" -Force)
SQL2012
(TODO Needs additional info)
New-ADServiceAccount -Name "SQL01_SVC" -DNSHostName "SQL01.mydomain.local" -Enabled $True
The MSSQL Agent Service Account name should own the MS-SQL Agent Service
The service account (in case of a local or AD account) and service SID should not be members of the Windows Administrators group.
SQL2008
(TODO Needs additional info)
New-ADUser -Name "SQL01_Agent_SVC" -Enabled $True -AccountPassword (ConvertTo-SecureString -AsPlainText "InitPass!!!" -Force)
SQL2012
(TODO Needs additional info)
New-ADServiceAccount -Name "SQL01_Agent_SVC" -DNSHostName "SQL01.mydomain.local" -Enabled $True
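One way to verify the Administrators rule stated above for both the engine and Agent services, as an added example that is not part of the original page. It assumes the default-instance service names MSSQLSERVER and SQLSERVERAGENT, and the function name Test-SqlServiceAdmin is hypothetical.

```powershell
# Added example, not from the original page. Run on the SQL Server host.
function Test-SqlServiceAdmin {
    param(
        # Assumed default-instance names; named instances use MSSQL$<name> / SQLAgent$<name>.
        [string[]]$ServiceName = @('MSSQLSERVER', 'SQLSERVERAGENT')
    )
    # S-1-5-32-544 = BUILTIN\Administrators. Only direct members are returned;
    # membership through a nested domain group is not resolved here.
    $adminSids = @((Get-LocalGroupMember -SID 'S-1-5-32-544').SID.Value)

    foreach ($name in $ServiceName) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        if (-not $svc) { Write-Warning "Service '$name' not found"; continue }

        # Check the logon account and the per-service SID (NT SERVICE\<name>).
        $checks = [ordered]@{ LogonAccount = $svc.StartName; ServiceSid = "NT SERVICE\$name" }
        foreach ($kind in $checks.Keys) {
            $principal = $checks[$kind]
            $sid = $null; $isAdmin = $null
            if ($principal -eq 'LocalSystem') {
                # The LocalSystem token already carries BUILTIN\Administrators.
                $sid = 'S-1-5-18'; $isAdmin = $true
            } else {
                # Win32_Service reports local accounts as ".\name"; expand for lookup.
                $acct = $principal -replace '^\.\\', "${env:COMPUTERNAME}\"
                try {
                    $sid = ([System.Security.Principal.NTAccount]$acct).Translate(
                        [System.Security.Principal.SecurityIdentifier]).Value
                    $isAdmin = $adminSids -contains $sid
                } catch {
                    Write-Warning "Could not resolve '$principal' to a SID"
                }
            }
            [pscustomobject]@{
                Service = $name; Kind = $kind; Principal = $principal
                Sid = $sid; InAdministrators = $isAdmin
            }
        }
    }
}

# Any row with InAdministrators = True violates the recommendation.
Test-SqlServiceAdmin | Format-Table -AutoSize
```

A domain account that reaches Administrators only through a nested domain group will show False here, so review group nesting separately.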
It is recommended to create a "DBA" AD Group and allocate users to that group as appropriate.
The example below creates a user, a group, and allocates the user to the group...
TL;DR: Don't do it. Use Virtualization instead.
Pros
Lower SQL Licensing Costs
Lower Windows Licensing Costs
Easier Windows Patching
Cons
Much harder performance tuning
Much harder reboot planning
Security challenges
On Linux, you can only have one instance per server.
On Windows you can have up to 50 standalone instances (reduced to 25 for Always On Failover Cluster Instances).