I want to create a Domain User that runs the SQL Service Accounts. The reason for this is that I have setup mirroring and MS recommends having the same user (a domain user account) running the services across all the the computers in the configuration to ensure mirroring will work properly. Right now in the test environment I just had them run under my user for simplicity. But now that I know what I am doing I would like to test the configuration more accurately.
I am also aware that it makes things much simpler if this user is an administrator.
My question is.
Should I just create a simple user SQLSERVICEUSER and make it an administrator? Seems a little insecure to me. Anyone have a more elegant solution?
Setting the sqlserviceaccount as an admin does become substantially more insecure (or perhaps loses accountability would be a better term) with the more people who know the password so you're not wrong to worry about it. Not to mention that keeping it with minimum permissions helps to ensure that the account can't do much to the actual server if the account is compromised.
You've mentioned that you have a test environment so you already have the perfect place to test out a non-admin user. Just switch the service from running on your account to a regular user. I know that SQL Server doesn't require an administrator account to run so simply go as low on the totem pole as you can for it. If you're assigning the service to a regular user and it's giving you invalid permission errors then post them here and we'll see if we can work through them. While giving out admin privileges is simpler it does add another all-powerful user to the system that needs to be monitored.
Update:
The two following articles seem to suggest ways to set up accounts for database mirroring:
How to: Allow Database Mirroring Network Access Using Windows Authentication (Transact-SQL)
Setting Up Login Accounts for Database Mirroring