Re: MSDE Service permissions

From: Andrea Montanari (andrea.sqlDMO_at_virgilio.it)
Date: 08/20/04 

Date: Fri, 20 Aug 2004 18:49:12 +0200

hi Leon,
"LM" <leonm@vtn-tech.com> ha scritto nel messaggio
news:eO0WPBthEHA.2908@TK2MSFTNGP10.phx.gbl...
> Hi Andrea,
>
> By default the services use Local System option for log on. This worked
fine
> for all admin users but did not work for a non-admin user. When a
non-admin
> user logs in (local or domain user), the services won't start using Local
> System. (side note: this is on a WinXP Pro machine). The non-admin user
> cannot start or stop any service.

actually they shoul'd run, as all this is intended to work this way... SQL
Server is run under another privileged account than the current logged
account, which only needs to connect to the specified server and query for
information..
perhaps you have to check your local policies...

> We did get it to work for the non-admin user by using the local
> administrator account for log on (I goofed when trying it the first time
by
> using domain admin password instead of local admin password). This is not
> the way we want to go, but it's the only way it does work right now.

I usually use a local account (not LocalSystem), with enought rights on
relevent share(s) if needed..

> I did find one thing via your link, in the Installation Recommendations:
> "Create a least privileged local account with which to run the SQL Server
> service. Use this account when you are prompted for service settings
during
> setup. Do not use the local system account or an administrator account. "
> There is no prompt when installing MSDE. What exactly is a "least
priviledge
> local account"?

no, there's not... that info is for a full blown SQL Server installation..
you have to set that property after MSDE installed, accessing the services
management applet... perhaps it can be done via WMI, but never tried it.. 

-- 
Andrea Montanari (Microsoft MVP - SQL Server)
http://www.asql.biz/DbaMgr.shtm        http://italy.mvps.org
DbaMgr2k ver 0.8.0  -  DbaMgr ver 0.54.0
(my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
interface)
--------- remove DMO to reply

Relevant Pages

  • Re: 18456 Login failed for user NT AUTHORITYSYSTEM
    ... No, not using fulltext Searching. ... problem and had ruled it out but had not though about tracing the account. ... > system and is unable to connect to SQL server. ... > SQLSERVERAGENT - but I'm sure it's not running under local system.) ...
    (microsoft.public.sqlserver.server)
  • Re: Error 15401 using sp_grantlogin (not addressed by current KB articles)
    ... Restarting Windows 2000 resolved the problem for this particular account, ... confused when it sees a duplicate SID. ... > One way to get SQL Server to agree with the renamed NT ... > Preview (to ensure the script was created), ...
    (microsoft.public.sqlserver.security)
  • Re: SharePoint V3 Install Error
    ... But it our case it had to do with Group Policies that forbid the account of ... WSS FAQ:www.wssv3faq.com/wss.collutions.com ... Event Source: WindowsSharePointServices3Search ... whatever you are installing WSS as sufficient rights to the SQL Server ...
    (microsoft.public.sharepoint.windowsservices)
  • RE: Problems with WebParts
    ... to a database called aspnetdb. ... > The connection string specifies a local SQL Server Express instance using a ... > server account must have read and write access to the applications directory. ... > This is necessary because the web server account will automatically create ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: SQL Server 2005 Service Accounts Questions / Seeking Recommendations
    ... the account running the SQL Server Service can be Local System, ... Given then, that you run SQL Service as Local System (for example, a common ... > I'm only going to address the Service Broker issues (and some EXECUTE AS ...
    (microsoft.public.sqlserver.security)