Re: SQL Server and Agent Accounts
- From: v-sguo@xxxxxxxxxxxxxxxxxxxx (Sophie Guo [MSFT])
- Date: Mon, 24 Oct 2005 08:19:37 GMT
Hello Maer,
The following information is for your reference:
1)
I tested the issue on my side. To test it, I set the following
configurations:
1. SQL server 2000 service startup account is the system account.
2. The SQL server agent startup account is a domain\user which is a local
administrator.
3. I log on the server locally as the domain\user, the "NT
authority\Network service" isn't a member of SQL server sysadmin.
I configure the local server as the Distributor, and then creating a
snapshot replication successfully. Therefore the result is to configure
Distributor, the user need to be a member of the sysadmin fixed server
role.
For your reference, when configuring Publishing and Distribution, SQL
server performs the following steps:
1. Execute sp_adddistributor at the server that will be the Distributor.
2. Execute sp_adddistributiondb at the Distributor to create a new
distribution database.
3. Execute sp_adddistpublisher at each server that will be a Publisher
using the Distributor.
Only members of the sysadmin fixed server role can execute
sp_adddistributor, sp_adddistributiondb, sp_adddistpublisher.
2)
Replication implements login security by requiring a user to have a valid
login account and password to connect to a Publisher, Distributor, or
Subscriber. Replication agents run under SQL Server Agent and use the
associated logins and passwords to connect to the various replication
objects and to perform their roles in the synchronization process.
On the Microsoft Windows 98 operating system, SQL Server Agent and the
replication agents run under the security account of the user logging on to
Windows. On the Microsoft Windows NT 4.0 and Windows 2000 operating system,
replication agents run under the login or security context of the
SQLServerAgent service. Each agent connects to one or more servers and must
have a valid login to complete the connection.
For more information, refer to the "Agent Login Security" topic in SQL
server Books Online:
Agent Login Security
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/replsql/rep
lsec_7it5.asp
------------------------
Applying a Snapshot
When applying a snapshot, the agents must have the following capabilities:
The Snapshot Agent connects to the publication database on the Publisher
and to the distribution database on the Distributor. The Snapshot Agent
also writes to the snapshot folder when storing the snapshot files.
------------------------
Publication Access Lists
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/replsql/rep
lsec_7cj2.asp
----------------------
When you create a publication, Microsoft SQL Server 2000 creates a
publication access list (PAL) for the publication. The PAL contains a list
of logins that are granted access to the publication. The logins included
in the PAL are members in the sysadmin fixed server role and the current
login.
----------------------
I hope the information is helpful.
Sophie Guo
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- References:
- SQL Server and Agent Accounts
- From: Maer
- Re: SQL Server and Agent Accounts
- From: Paul Ibison
- Re: SQL Server and Agent Accounts
- From: Maer
- SQL Server and Agent Accounts
- Prev by Date: Re: Alternate Replication Partner and Identity Ranges
- Next by Date: Can't install SQL Server 2005 Mobile Edition Server Tools Beta 1
- Previous by thread: Re: SQL Server and Agent Accounts
- Next by thread: Re: Dynamic and Join Filters with Multipple clauses
- Index(es):
Relevant Pages
|
Loading
