After SQL Server 2012 RC0 installation I noticed a few changes in SQL Server services account configuration. In previous versions (SQL Server 2005 and 2008/R2) during stand-alone SQL Server installation, local Windows group is created and service account for services or service SID is added as a member of the service group.
In SQL Server 2012 that is changed. Local windows groups are created only for SQL Server Browser (SQLServer2005SQLBrowserUser$ComputerName), SSAS (SQLServerMSASUser$ComputerName$MSSQLSERVER) and PowerPivot for SharePoint (SQLServerMSASUser$ComputerName$PowerPivot).
Permissions and ACL for all other services (SQL Server Engine, SQL Server Agent, Full-text search…) are set to the per-service SIDs.
Other interesting thing is number of created logins in the SQL Server Database Engine after SQL Server 2012 RC0 installation. Regarding the service SID for SQL Server Engine and SQL Server Agent there is no difference between SQL Server 2012 RC0 and SQL Server 2008. The service SID for SQL Server Engine and SQL Server Agent is added as a login to the sysadmin server role.
In SQL Server 2012 RC0, logins are created for the service SID of the SQL Server VSS Writer (NT SERVICE\SQLWriter) and the Windows WMI provider (NT SERVICE\Winmgmt). These service SID logins are added to the sysadmin fixed server role.
There are other changes and news. Windows 7 and Windows Server 2008 R2 have two new types of service accounts: managed service accounts (MSA) and virtual accounts.
I wrote a few changes I noticed after installation and after I read documentation. It’s good to know what changes are done with SQL Server services accounts and I recommend that you read the BOL article: “Configure Windows Service Accounts and Permissions”.