 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
SQL Server Forum / General / Security / July 2008SQL2005 non-administrator Service Account
On server BOB, the SQL Services are running under an ID that by default was added to the SQL server groups SQLServer2005MSFTEUser$-ServerName-$MSSQLSERVER etc. However, the ID is also under the administrators group and I would like to remove it from there. I used a test 2005 box to test this, however, when I removed the id from the administrators, the SQL Server Service would not start up. We did however change the name of this box as it was a replacement for an existing server, the initial name was BOBnew because it was replacing a server named BOB, then when we shut down BOB, we renamed BOBnew to BOB. In the SQL server group, the –ServerName- is still BOBnew – it didn’t change when we changed the name of the box. Could this have something to do with the SQL service not starting up? Thanks, Karime Also, i have run both of these and they both give the results "bob" SELECT @@SERVERNAME SELECT SERVERPROPERTY('MachineName'), SERVERPROPERTY ('InstanceName') When I right click on the server in Managment Studio, and hit register, it also has bob as the server name. Any assistance would be appreciated!! > On server BOB, the SQL Services are running under an ID that by default was > added to the SQL server groups [quoted text clipped - 12 lines] > Thanks, > Karime You may have this figured out by now, but some observations: Your first message says the SQL Server Service won't start, but the second message has the results of queries, so it must have started. Your second message says the queries return bob as the name of the server. Since you say "we renamed BOBnew to BOB" you sound like you don't have a problem. Do you only have a problem with the name in Registered Servers? Drop the server registration and re-register it. I probably don't understand something. If you still have a problem, please clarify.  SignatureRick Byham (MSFT), SQL Server Books Online This posting is provided "AS IS" with no warranties, and confers no rights. > Also, i have run both of these and they both give the results "bob" > SELECT @@SERVERNAME [quoted text clipped - 30 lines] >> Thanks, >> Karime The results of the "select @@servername" query are when sql server services are running under an administrator account. However, when I remove that account from the administrators group, that's when the service won't start up. The problem is that the default sql server groups (under Manage > Local Users and Groups ) still are called BobNEW (for example - SQLSERVER2005MSFTEUser$BobNew) and I'm wondering if this could be why the services won't start when the ID they are running under is removed from administrators. Is that a bit more clear? > You may have this figured out by now, but some observations: > Your first message says the SQL Server Service won't start, but the second [quoted text clipped - 40 lines] > >> Thanks, > >> Karime I suspect the problem is that the account that SQL Server is changed to run under does not have access rights to the registry and file system. Try using SQL Server Configuration Manager (SSCM) to change the account that SQL Server is running under. SSCM is supposed to be smart enough to add the necessary permissions for the new account. If that works (meaning if SQL Server starts properly), then move the original account out of the Administrators group, and then use SSCM to change the account back to the first one. (Always use SSCM to change the account used by SQL Server. Don't use the Services MMC console, because it doesn't configure access to the SQL Server registry settings and file locations.) I hope this helps. SignatureRick Byham (MSFT), SQL Server Books Online This posting is provided "AS IS" with no warranties, and confers no rights. > The results of the "select @@servername" query are when sql server > services [quoted text clipped - 64 lines] >> >> Thanks, >> >> Karime I run an SQL Server 2005 with a service account that is not a member of the Administrators group. It stopped working recently. I audited file access failures for everyone in the documents and settings and Program Files\Micorosft SQL Server directories and found that there were indeed failures. There are files that the service account needs to access in the CRYPTO area and in the SQL area that were no longer accessable to that service account. Once I found them and gave the account permissions, my server started to work again Perhaps this could be your problem? Walter Horowitz Mardovar Networking LLC > The results of the "select @@servername" query are when sql server > services [quoted text clipped - 64 lines] >> >> Thanks, >> >> Karime |
Reply to this Message |
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.