Run SQL Service with lowest possible privileges
From http://msdn2.microsoft.com/en-us/library/ms143504.aspx
Security Note:
To increase the security of your SQL Server installation, run SQL Server services under a local Windows account with the lowest possible privileges.
Heard of SQL injection [a million times last week]?
There are different types that may lead to different impacts, from information disclosure to total ownership of the box. It depends on many factors [actually on the many vulnerabilities we introduce during coding and deployment]. This time I'd like to point out why it is important to run SQL Server under the "lowest possible privilege". The reason is that it reduces the risk of exploitation of the nasty xp_cmdshell extended stored procedure. This procedure runs in the context of the SQL service account and will run successfully if the service is in the sysadmin server role. A default installation of SQL Server uses Local System to run its service. This account automatically has the sysadmin server role, which allows it to run xp_cmdshell. So it'd be a good idea to lower the SQL Server service account to something it really needs - nothing more.
One more thing to consider is leaving the xp_cmdshell extended stored procedure disabled in SQL 2005 [the default behavior].
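The checks described above, as an added T-SQL audit that is not part of the original post. It assumes SQL Server 2005 or later and a login with ALTER SETTINGS permission for the sp_configure step; the service-account query uses a DMV that exists only on SQL Server 2008 R2 SP1 and later, so it is guarded.

```sql
-- Added example: audit xp_cmdshell exposure on an instance.

-- 1. Is xp_cmdshell enabled? 0 = disabled (the SQL 2005 default).
SELECT name, CAST(value_in_use AS int) AS value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 2. Which logins hold the sysadmin server role?
--    Look for NT AUTHORITY\SYSTEM, BUILTIN\Administrators and any
--    application login that does not need to be here.
SELECT m.name AS member_name, m.type_desc
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin'
ORDER BY m.name;

-- 3. Which Windows account runs the service?
--    On older versions, read it from SQL Server Configuration Manager.
IF OBJECT_ID('sys.dm_server_services') IS NOT NULL
BEGIN
    EXEC ('SELECT servicename, service_account FROM sys.dm_server_services;');
END
ELSE
BEGIN
    PRINT 'sys.dm_server_services is not available on this version.';
END;

-- 4. If xp_cmdshell was switched on, switch it back off.
IF EXISTS (SELECT 1 FROM sys.configurations
           WHERE name = 'xp_cmdshell' AND CAST(value_in_use AS int) = 1)
BEGIN
    EXEC sp_configure 'show advanced options', 1;
    RECONFIGURE;
    EXEC sp_configure 'xp_cmdshell', 0;
    RECONFIGURE;
    EXEC sp_configure 'show advanced options', 0;
    RECONFIGURE;
END;
```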
There are some more countermeasures to consider when building SQL injection resistant apps.
Cheers