Privilege level of SQL Server Services
SQL Server Engine/MSSQLServer
Run as a Windows domain user account with regular user privileges. Do not run as local system, local administrator, or domain administrator accounts.
SQL Server Agent Service/SQLServerAgent
Disable if not required in your environment; otherwise run as a Windows domain user account with regular user privileges. Do not run as local system, local administrator, or domain administrator accounts.
Important: SQL Server Agent will need local Windows administrator privileges if one of the following is true:
>SQL Server Agent connects to SQL Server using standard SQL Server Authentication (not recommended).
>SQL Server Agent uses a multiserver administration master server (MSX) account that connects using standard SQL Server Authentication.
SQL Server Agent runs Microsoft ActiveX® script or CmdExec jobs owned by users who are not members of the sysadmin fixed server role.
Lastly
How to change the SQL Server or SQL Server Agent service account