I am working on a deployment project where the customer is under the DoD STIGs for SharePoint and SQL Server. We have run into one issue after another with this due to the lockdown in SQL Server. The root of all our issues appears to be that the PUBLIC role in SQL has had all permissions removed from it. In order to get the SharePoint databases to even create, the Farm and Setup accounts had to be granted sysadmin access in SQL.
I am now finding that even though it granted me rights to get the databases created, all the service applications in the farm are failing to function. There are a number of errors in the event logs around failing to start services such as BDC, Managed Metadata, etc. I think this is due to the fact that the service account used for these service apps does not have any rights assigned to it through the PUBLIC role.
If anyone has any experience with this type of configuration any help to point me in a direction of how we might work around this is greatly appreciated. I have never worked in an environment where you could not grant the required access to the SharePoint service accounts.