We're trying to get SQL running under a domain account, however we're not sure what permissions will be required for the service to start.
At present it is just a standard user in the active directory domain (which won't let the service start), I assume this user account will need permissions to the Program Files\Microsoft SQL Server directory.
But does it need permissions to access anything else?
Thank you.
Myles.
For SQL 2005 and 2008 the KB article quoted by JR is obsolete and quite incomplete. Since SQL 2005 the setup creates local user groups and grants all needed privileges to run each service to the respective local group. For example the SQL Server service account needs to be added to the SQLServer2005MSSQLUser$ComputerName$MSSQLSERVER user group (default instance) or SQLServer2005MSSQLUser$ComputerName$InstanceName user group (named instance). The user groups have all the needed priviledges (SeServiceLogonRight, SeBatchLogonRight, SeAssignPrimaryTokenPrivilege etc etc) and all the needed access rights on the registry keys and files and folders used by the respective service. The ones 'missing' are the SeManageVolumePrivilege as Nick already pointed out and the SeLockMemoryPrivilege ("lock pages in memory"): these need be granted explicitly as are not considered mandatory.
So in SQL 2005/2008 case the solution is not to grant access to the folders and hives quoted in the KB, but instead add the desired domain user to the local user group SQLServer2005MSSQLUser$ComputerName$MSSQLSERVER (or the named instance equivalent).
You can read all the details at Setting Up Windows Service Accounts in BOL.
