Re: Distributor SQLSERVERAgent Account

From: Paul Ibison (Paul.Ibison_at_Pygmalion.Com)
Date: 02/10/05 

Date: Thu, 10 Feb 2005 06:44:14 -0800

There is some confusion here between service startup
accounts and SQL Server logins.
Service startup accounts can be found in control panel,
services and we are really interested in the sql server
agent one, which runs the replication jobs. This must be
a domain user account if you are to replicate from one
machine to another. LocalSystem can be used if you're
doing it all on one box.
If you're on a trusted environment, then the domain user
account on the subscriber for pull subscriptions must
have rights to the snapshot share. If it's non-trusted,
you'll need FTP.

'sa' is a SQL Server login. If your agents are set to use
impersonation, then the whole thing will be using windows
security and you can forget sql logins. If you're using a
non-trusted environment, you'll be obliged to use sql
logins.

This is explained in replication, security in BOL but
admittedly is not at all a straightforward topic :)

Rgds,
Paul Ibison (SQL Server MVP)

>-----Original Message-----
>
>Hilary Cotter wrote:
>> Is this pull? If so, your subscriber's sql server
agent should be
>running
>> under the same account as the publisher's SQL Server
agent, or an
>account
>> that is part of the local admin group on the publisher.
>
>Yes, this is annonymous pull over VPN.
>
>BTW, if default installations are used, what is the
difference between
>running SQL Server Agent as LocalSystem and sa? What is
LocalSystem? If
>SQL Server Agent is to run under sqladmin, for example,
does sqladmin
>have to be created as a domain administrator on the
subscribers'
>computer?
>
>> If this is not possible the SQL Server agent account
on the
>subscriber
>> should have rigths to read the snapshot share and
underlying files
>and
>> folders. You will probably have to craft another
snapshot share on
>the
>> publisher for this.
>
>I've got everbody and his uncle given full rights to the
share, but
>since my subscriber SQL Server Agent is running under
LocalSystem, I
>guess all bets are off as to why he can't access the
share.
>
>Sorry for all these basic questions, but my accts are
all screwed up
>and my brain is mush.
>
>Thanks
>
>.
>

Relevant Pages

  • RE: DTS Package fails when Scheduled
    ... Make sure SQL Server Agent account has the correct rights/permissions. ... scheduled job under this context, I still received the error, even though I ...
    (microsoft.public.sqlserver.dts)
  • Re: Problems with SQL Srv. Agent and Proxy Account
    ... I have tried with both the sa account and with Use Windows ... Authentication on the SQL Server AGent Connection tab. ... >>rights recording to INF: Reset Proxy and the ...
    (microsoft.public.sqlserver.security)
  • Re: cant find directory when package scheduled as job
    ... the batch file to map the drive. ... from the DTS designer but fails when it is scheduled as a SQL Server Agent ... under my windows account and the packages executes correctly when run via ...
    (microsoft.public.sqlserver.dts)
  • Re: Problems with SQL Srv. Agent and Proxy Account
    ... You need to go to the General Tab of the SQL Server Agent ... >I have tried with both the sa account and with Use Windows ...
    (microsoft.public.sqlserver.security)
  • Re: Error 15401 using sp_grantlogin (not addressed by current KB articles)
    ... Restarting Windows 2000 resolved the problem for this particular account, ... confused when it sees a duplicate SID. ... > One way to get SQL Server to agree with the renamed NT ... > Preview (to ensure the script was created), ...
    (microsoft.public.sqlserver.security)