When you install SQL Server 2005, one of the steps is choosing the Service Account. Choosing the account to use for SQL Server's service account is a very important decision. Here is an excerpt from April/BOL2005 on the matter...
You can assign the same login account to all SQL Server services, or you can configure each service account individually. You can also specify whether services start automatically.
Setting strong passwords is essential to the security of your system. Always use strong passwords.
Customize the logon for each service account
Select the Customize for each service account check box to customize settings for individual services.
This option assigns specific logon accounts to individual services. Click this check box to implement the principle of least privileges, where SQL Server services are granted the minimum permissions they need to complete their tasks. For more information, see Setting Up Windows Service Accounts.
If this check box is not selected, the same account and settings are used for all SQL Server services.
Select any of the following services to customize its settings.
Select this service To configure authentication settings for
The SQL Server Database Engine
SQL Server Agent
The service that executes jobs, monitors SQL Server, and allows automation of administrative tasks.
Reporting Services. Service accounts are used to configure a report server database connection. Choose a domain user account if you want to connect to a report server database on a remote SQL Server instance. If you are using a local report server database, you can use a domain user account or Local System to run the service.
SQL Server Browser
SQL Server Browser is the name resolution service that provides SQL Server connection information to client computers. This service is shared across multiple SQL Server and Integration Services instances.
Use the built-in System account
You can assign Local System, Network Service, or Local Service to the logon for the configurable SQL Server services.
The Local System option specifies a local system account that does not require a password to connect to SQL Server on the same computer. However, the local system account may restrict the SQL Server installation from interacting with other servers, depending on the privileges granted to the account.
Local System is a powerful account; it may not be appropriate for all Service settings. For more information, see Security Considerations for a SQL Server Installation.
The Network Service account is a special, built-in account that is similar to an authenticated user account. The Network Service account has the same level of access to resources and objects as members of the Users group. Services that run as the Network Service account access network resources using the credentials of the computer account.
We recommend that you do not use the Network Service account for the SQL Server or the SQL Server Agent services. Local User or Domain User accounts are more appropriate for these SQL Server services.
The Local Service account is a special, built-in account that is similar to an authenticated user account. The Local Service account has the same level of access to resources and objects as members of the Users group. This limited access helps safeguard your system if individual services or processes are compromised. Services that run as the Local Service account access network resources as a null session with no credentials.
For more information on service accounts, see Setting Up Windows Service Accounts.
Use a domain user account
Specifies a domain user account that uses Windows Authentication to set up and connect to SQL Server. Microsoft recommends using a domain user account with minimal rights for the SQL Server service, as the SQL Server service does not require administrator account privileges.
The SQL Server Agent account must have administrator privileges if you create CmdExec and ActiveScript jobs that belong to someone other than a SQL Server administrator, or if you use the AutoRestart feature. If the above features are requirements in your environment, consider using separate service accounts for the SQL Server and SQL Server Agent services.
For strong password guidelines, see Authentication Mode.
The domain name cannot be a full DNS name. For example, if your DNS name is my-domain-name.com, use my-domain-name in the domain field. SQL Server Setup will not accept my-domain-name.com in the domain field.
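One way to check an existing installation against the guidance quoted above, as an added example that is not part of the Books Online excerpt or any Microsoft tool. The service-name patterns (MSSQLSERVER, MSSQL$instance, SQLSERVERAGENT, SQLAgent$instance, ReportServer, SQLBrowser) and both function names are assumptions made for this sketch; adjust them to your instances.

```powershell
# Added example: audit the logon account of each SQL Server service on this computer.
# Service-name patterns are assumptions based on default SQL Server service naming.
function Get-SqlServiceRole {
    param([string]$Name)
    switch -Regex ($Name) {
        '^(MSSQLSERVER|MSSQL\$.+)$'       { return 'Database Engine' }
        '^(SQLSERVERAGENT|SQLAgent\$.+)$' { return 'SQL Server Agent' }
        '^ReportServer(\$.+)?$'           { return 'Reporting Services' }
        '^SQLBrowser$'                    { return 'SQL Server Browser' }
    }
    return $null   # not a service covered by the excerpt
}

function Test-SqlServiceAccount {
    param([string]$Role, [string]$StartName)
    # Normalise "NT AUTHORITY\NETWORK SERVICE" and "NT AUTHORITY\NetworkService" alike.
    $acct = ($StartName -replace '\s', '').ToUpperInvariant()
    $findings = @()
    if ($acct -eq 'LOCALSYSTEM' -or $acct -eq 'NTAUTHORITY\SYSTEM') {
        $findings += 'Local System is a powerful account; confirm it is appropriate for this service.'
    }
    if ($acct -like '*\NETWORKSERVICE' -and $Role -in 'Database Engine', 'SQL Server Agent') {
        $findings += 'Network Service is not recommended here; use a Local User or Domain User account.'
    }
    return $findings
}

# Collect only the services the excerpt discusses, with the account each one logs on as.
$services = @(Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $role = Get-SqlServiceRole $_.Name
    if ($role) {
        [pscustomobject]@{ Service = $_.Name; Role = $role; Account = $_.StartName }
    }
})

foreach ($s in $services) {
    foreach ($f in (Test-SqlServiceAccount -Role $s.Role -StartName $s.Account)) {
        '{0} ({1}) runs as {2}: {3}' -f $s.Service, $s.Role, $s.Account, $f
    }
}

# One account shared by several services means "Customize for each service account"
# was not used, so every service holds the permissions of the most privileged one.
$services | Group-Object -Property Account | Where-Object Count -gt 1 | ForEach-Object {
    'Account {0} is shared by: {1}' -f $_.Name, ($_.Group.Service -join ', ')
}
```

Run it in a PowerShell 3.0 or later session on the SQL Server host; no output means none of the checks matched.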