SQL Service Accounts and which to use

I've done lots and lots of searching and I cant seem to find a simple answer, I assume it is because everyone's circumstances differs however;

We need to setup a few SQL servers for production and I am not too sure which SQL service accounts to use. The servers will be running SQL 2012 and a few 2008 R2. They will be on a domain and the domain is in 2008 mode and not 2008 r2 (so no MSA accounts I assume).

Local System Account? Local User Account? Locally created user account? Network Account? Domain Account? Virtual Accounts (not too sure I understand these)?

The SQL server will be backing up to a non-domain NAS so I will need to pass certain credentials to it. I'd also like to know which account to use if it doesn't need to access a domain or an external none-domain NAS server.

Sorry if the question is 'too' newbie.

Thanks.


Most of the places I've worked have used a domain account that is otherwise unprivileged, although I've also worked places that used a local account that is otherwise unprivileged. My understanding is that this is pretty standard practice. If you google, you can find a lot of articles explaining why not to use local system, but they generally boil down to "it's too powerful, SQL doesn't need it, and if your SQL server is compromised They [TM] now have local system."

In short, I'd recommend one or more unprivileged domain accounts (depending on how many people are going to know them/how compartmentalized you need your installs to be). I recommend a domain account over a local account not only because of the ease of administration but also for credential lookups when you use integrated security.