$ sql-server-install
Step-by-step guide for installing MS SQL Server on Windows Server. Tested and optimized according to best practices.
SQL Server 2025 · GA: Nov 18, 2025 · Latest Version · Compatibility 170
2
Windows Power Plan → High Performance
Balanced mode throttles CPU frequency and slows down SQL Server
▼
Windows defaults to the Balanced power plan, which lowers CPU frequency when idle. This causes noticeable latency. Change it to High Performance.
powercfg /setactive SCHEME_MIN powercfg /getactivescheme
ℹ
For virtual machines (VMware, Hyper-V), also check the host server power plan. Make sure VM power management does not block the High Performance plan.
3
Required Windows Features
.NET Framework, WMI, Remote Registry
▼
SQL Server requires certain Windows features. Install them before running the SQL Server setup.
Install-WindowsFeature Net-Framework-Core Install-WindowsFeature Net-Framework-45-Core
4
Create Dedicated Service Accounts
Separate accounts for SQL Server Engine, Agent, and SSRS
▼
Use separate low-privilege accounts for each SQL Server service. Never use Local System, Local Admin, or Domain Admin accounts!
🚫
Using the SYSTEM account is a critical security risk. The Health Check will flag this as "critical". Always create dedicated service accounts.
- ●svc-sqlengine — SQL Server Database Engine service. Minimum privileges, logon as service.
- ●svc-sqlagent — SQL Server Agent. Separate account, rights to run Agent jobs.
- ○svc-ssrs — Reporting Services (only if SSRS is installed).
💡
In a production domain environment, use gMSA (Group Managed Service Account) — passwords rotate automatically and require no manual management.
5
Firewall Rules
SQL Server port 1433, Browser 1434/UDP
▼
Open the necessary ports in Windows Firewall. Always use specific source IP ranges in your rules, never "any".
New-NetFirewallRule -DisplayName "SQL Server TCP 1433" -Direction Inbound -Protocol TCP -LocalPort 1433 -Action Allow New-NetFirewallRule -DisplayName "SQL Browser UDP 1434" -Direction Inbound -Protocol UDP -LocalPort 1434 -Action Allow New-NetFirewallRule -DisplayName "SQL DAC TCP 1434" -Direction Inbound -Protocol TCP -LocalPort 1434 -Action Allow
2
Collation Selection
Critically important — changing later is very difficult
▼
Collation determines how SQL Server sorts and compares text. Changing the server-level collation after installation is highly complex (requires reinstallation).
🚫
Do not use SQL_Latin1_General_CP1_CI_AS — it is an outdated legacy collation. Always use a Unicode-based collation.
| Collation | |
|---|---|
| Finnish_Swedish_CI_AS | ✓ (ET) |
| Latin1_General_CI_AS | ✓ (Intl) |
| SQL_Latin1_General_CP1_CI_AS | ✗ Legacy |
3
Features to Install
Install only what you actually need
▼
Reduce the attack surface — install only the required components. Additional features can always be added later.
- ●Database Engine Services — Required. The core of SQL Server.
- ●SQL Server Agent — Required. Automated jobs, backups, maintenance.
- ◉Full-Text Search — Recommended if your application uses text search.
- ○Reporting Services (SSRS) — Only if needed. Install on a separate server if possible.
⚠
Machine Learning Services, PolyBase, R, Python — Do not install unless required. They add to the attack surface and consume resources.
4
Data Directory Locations
Data, Log, TempDB, and Backups on separate drives
▼
Set all directories correctly during the installation wizard. Moving them later is tedious and requires downtime.
✓
TempDB file count: In the setup wizard, set the number of TempDB files = number of logical processors, up to a max of 8. Example: 8 logical processors → 8 TempDB data files, all equally sized.
5
Authentication Mode and SA Account
Windows Auth vs Mixed Mode, Securing SA
▼
If possible, use only Windows Authentication. If the application requires SQL logins, select Mixed Mode — but secure the SA account immediately after installation.
⚠
After installation, rename the SA account and disable it (if not used). Set a strong password for SA even if it is disabled.
ALTER LOGIN [sa] WITH NAME = [sql_sa_disabled]; ALTER LOGIN [sql_sa_disabled] DISABLE; CREATE LOGIN [AdminUser] WITH PASSWORD = 'StrongPassword!'; ALTER SERVER ROLE [sysadmin] ADD MEMBER [AdminUser];
2
Instant File Initialization (IFI)
Dramatically speeds up data file creation and autogrowth
▼
IFI allows SQL Server to initialize data files without zeroing out disk space. Speeds up file creation and autogrowth 10-100x. Does not affect log files.
✓
After enabling IFI, run the Health Check tool — it will automatically check the IFI status and let you know if the setting is applied.
3
Enable Remote DAC (Dedicated Admin Connection)
Emergency access to an overloaded server
▼
DAC allows a connection to the server when SQL Server is otherwise overloaded and rejecting normal connections. Without it, you may be locked out of the server during an emergency.
4
Configure Database Mail
Required for alerts and Agent job notifications
▼
Database Mail allows SQL Agent to send emails regarding failed jobs, alerts, and warnings. Without it, you will not receive automated notifications.
5
Critical SQL Agent Alerts
Severity 19-25 and data corruption alerts
▼
Create alerts for critical SQL Server errors. Without them, you won't be notified about data corruption or critical hardware faults.
2
Apply Core Configuration
Max Memory, MAXDOP, CTP, and other critical settings
▼
After installation, many critical settings remain at defaults which are not suitable for production. Proceed to the configuration guide.
3
Configure Backup Plan
FULL, DIFF, LOG backups as Agent jobs
▼
Before first use, you must configure backups. SQL Server does not back up anything automatically by default.
💡
Use the Ola Hallengren maintenance solution — the industry standard for SQL Server backup and maintenance jobs. Free and well-tested.
✓
Installation Complete!
Next steps: configure SQL Server for optimal performance