Ran across this fun issue today, we had to migrate a database to a new server as part of a deployment and when we tried to attach the database, we received a permissions error. Well after checking permissions on the source, the permissions that were missing were the MSSQLSERVER – Full Control.
The actual account is called : NT SERVICE\MSSQLSERVER
This is not a standard account, it does indeed have a SID, but you cannot add this in the normal way. The account listed is a service account and we found the answer here:
here is the solution we found to be helpful:
Described in the very complicated Books Online topic Configure Windows Service Account and Permissions http://technet.microsoft.com/en-us/library/ms143504(v=sql.110).aspx in the section Windows Privileges and Rights. The per service SID should be assigned the access permission on the file location, in your case somewhere on the D drive. To grant that permission, right-click the file system folder, and then click Properties. On the Security tab, click Edit and then Add. Now you are in the Select Users, Computer, Service Account, or Groups dialog box. Click Locations, and then at the very top of the location list, select your computer name, and then click OK. Now in the Enter the object names to select box, provide the name of the per service SID listed on that Books Online topic. For the Database Engine per service SID, use NT SERVICE\MSSQLSERVER for a default instance, or NT SERVICE\MSSQL$InstanceName for a named instance. Click Check Names, it will tell you name not found, then click OK, and it will pop up a Multiple Names Found dialog box. (At least it does on my computer.) Now select MSSQLSERVER and click OK a couple of times to back up. Eventually you get back to the spot where you can allow full control to the per service SID. Repeat for the SQL Server Agent account if you need to.
In addition we set the “owner” of the files to this service account as well.
I guess we could have just done a backup and restore, or just done the copy database wizard, but this should still be an option where downtime from stopping the services is not an issue.