script to find Privileges for SQL server service account

03 Juni 2013 | finn | | Standaard

For optimal performance it is often advised to grant two privileges to the SQL Server service account. In order to accelerate database creation and alteration, instant file initialization could be performed, without zeroing out the new file space. To do so the service account needs the privilege 'Perform volume maintenance tasks'. The other privilege is called 'Lock pages in memory'. Both are set in the local policy.

Run the GPEdit.mmc and find Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment

Of course I wanted a command line solution but this wasn't easy to find. After trying WMI, Windows Registry, PSCX module, NTRights, RSOP, GPResult I finally found a way to show which accounts have those privilages using secedit. This is the script: