.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Register
 
Win Surprise Gifts!!!
Congratulations!!!


Top 5 Contributors of the Month
Kaviya Balasubramanian
Imran Ghani
Post New Web Links

Account used to run SQL service

Posted By:      Posted Date: April 10, 2011    Points: 0   Category :
 

I was using XX account to run SQL service, integration service and SQL agent. This XX account was assigned to run these services during the SQL server installation. It was also given ssyadmin rights on the SQl server. Recently due to some security concerns I had to change xx account to a new yy account. Both are AD accounts. Now I did not include this YY account anywhere on the sql server but it can still run the SQl service, integration service and Agent. I always that the account used to run these service should be included in the SQL server logins with some kind of permissions. Is it not.

By the way I am using SQL 2008


Rama DBA


View Complete Post


More Related Resource Links

SQL Agent - service account permissions - SQL Server 2008

  
Hi @ all   I installed two SQL Server 2008 on Server 2008 R2 Std (principal and mirror) and an AD Server 2008, with sperate service accounts, connect as SA, localy all works fine. I created some agent tasks (PowerShell, T-SQL), but I get some Error massages in the history, that service account of SQL Agent didn't have the permission to query a remote machine(access denied for wmi (HRESULT: 0x80070005 (E_ACCESSDENIED)) and linked database(SQLSTATE 42000 Error(7314)). The simple query with SA permissions on the remote machine works and the powershell scripts with the local domain user works too. But not with the SQL Agent. WHY?? Where ist the different between the user account permisions and service account permissions? Which settings are needed? Example: get-wmiobject -class win32_service -computername 192.168.xxx.xxx| where {$_.name -like '*SQL*'} Powershell Console: works                                     SQL Agent Job: access denied I tried some solutions with user rights, group policies and security permissions but nothing works. like: Configuration -Service Accounts, SQL Server or SQL Server Agent service account http://support.microsoft.com/kb/283811/en-us http://msdn2.microsoft.com/

Get Service Account Details of the SQL Agent Service

  
Hello, How can I get the Service Account name for the SQL Agent service for a particular SQL Server (SQL 2005). Is that possible to get using SQL statements? Thanks, Prabhat

Change the Timer Service Account

  
I did an install with Sharepoint 2010 RTM and have it working well but when I checked the Monitoring - Review Problems and solutions it states a security concern that the Farm Account should not be used for other services.  At this stage I have to change out the timer service since it is using the farm account.  But I don't see the timer service in the "Security - Manage service Accounts" location.  I created a timer account with no problems but how does one go about changing the timer service to use this account?  I know I can go to services and change it there but I am wondering if there is a need to do this within Sharepoint?  Am I missing a credential management piece that did not show up in the list of services? Any help would be appreciated Workerbee09  By the way, The problem points to a failing service SPTimerService (SPTimerV4) but its started and working cause I can see services being started and history of the service where it was successfull. 

User Profile Service account Write to AD Permissions

  
I followed this guide here (http://www.harbar.net/articles/sp2010ups.aspx) to provision the UPS service in sharepoint 2010. I found the guide very helpful and informative. Everything is working correctly except for the write back to AD I've followed the steps and have assigned the listed permissions to the UPS service account, however I still get permissiong errors in the FIM GUI Our AD is running in a 2008 environment but is in 2003 mode, so I made sure to add the UPS account to Pre Windows 2000 Compatible access built in group and restart the server so that the new group settings would take affect. Do I need to reprovision the UPS service or something? Or am I missing something completely. (Hopefully the latter lol!) Thanks RKB

Change the Timer Service Account

  
I did an install with Sharepoint 2010 RTM and have it working well but when I checked the Monitoring - Review Problems and solutions it states a security concern that the Farm Account should not be used for other services.  At this stage I have to change out the timer service since it is using the farm account.  But I don't see the timer service in the "Security - Manage service Accounts" location.  I created a timer account with no problems but how does one go about changing the timer service to use this account?  I know I can go to services and change it there but I am wondering if there is a need to do this within Sharepoint?  Am I missing a credential management piece that did not show up in the list of services? Any help would be appreciated Workerbee09  By the way, The problem points to a failing service SPTimerService (SPTimerV4) but its started and working cause I can see services being started and history of the service where it was successfull. 

WCF Service Unable to Access Personal Certificate Store Unless Service Account is Logged In

  
I created a WCF service that has a method which makes a call to a SOAP web service over the internet. In order to make a call to the SOAP web service, it requires that an X.509 certificate be sent with the HttpWebRequest. The X.509 certificates are loaded in the Personal and Trusted Certificate store of the account which the service is running under. When the service account is logged into the server, everything works just fine. However, when the service account is not physically logged onto the server, it has problems loading up the X.509 certificate and fails authentication when trying to make the HttpWebRequest. I am new to WCF services so I don't even know where to start looking. Can anyone please help? Thanks in advance.

assigning spn to service account

  
I have installed MOSS 2007 to use Kerberos. Prior to the installation I assigned SPN HTTP/servername.domain to each of my service accounts: Farm Account, Content Pool, Shared Services Pool and Shared Services Account. I did this knowing that I would have to add / drop SPNs later, according to port numbers. (I followed guides by Scott Hillier and Martin Kearn). My question is: what specific service/app pool do I assign to these accounts? When all have the same generic SPN that I assigned originally everything works, but I receive KDC error #4 every 30 minutes or so. KDC error 4 states that there are 'multiple accounts with name HTTP/*****.*** of type DS_SERVICE_PRINCIPAL_NAME. I have been using trial and error in assigning variations of the HTTP service (using port numbers from my MOSS instance).Is there a better way? Because this is not working so well.

Unable to change the Service account??

  
Followed this guide: http://support.microsoft.com/kb/832770 I have setup my account SPadmin to have access to my SQL DB i went into IIS and attempted to change it there for my Default sharepoint site in the applications pool page > Properties>Identity Nada, i changed it his apply reset IIS and back to my old account(very frustrating) so further reading showed attempting to change it via Central administration.   Went there and chose Operations>Service accounts chose my webservice,Application pool and configurable and setup my SPadmin, reset IIS and still no change.   Thoughts? i feel like there is  some stupid step i'm missing because it will not change regardless.   Thanks Steve K

SPTrace service account requirements

  
Iam getting an alert that says my SPTraceV4 service is using a built in account.  I checked an sure enough it is using a local system account.  The problem is I can't figure out how to change the account in sharepoint - I tried manually changing the service in MMC to a domain account but this did not resolve the alert.  Does anyone know how to do this, and if I do have to do it manually, what rights & permissions this account needs? Thanks!  

Service Account for SQL Server 2000 Cluster

  
Dear All, One of my customer is running a active/active SQL 2000 cluster in Windows 2003 and the service account for one of the instance is LocalSystem account. I am not sure how they changed the service account to localsystem because SQL Server doesn't allow LocalSystem account as your service account when you install it on a cluster and it doesn't allow to change the service account to LocalSystem account in Enterprise Manager when running in a cluster. I searched for documentation to findout whether Microsoft supports running SQL Server using LocalSystem account in a cluster but I am unable to find a documentation. Please help me to identify the documentation regarding the support or share your experience Regards BalajiRegards,Balaji, Please mark as answer if you think this answers your questions

SharePoint 2007 - Survey list - Getting user's Windows account ID from a web service using display

  
Surveys...grrrr.   I am developing a .NET console application that accesses survey data from a single survey list using the MOSS web service "Lists".   I am able to enumerate the survey list and get to the items except for the author of the survey response.  When I get to the column ows_Author, it appears to be a lookup value formatted like this:  "1066;#JOHN DOE".   How can I, using web services alone, lookup the corresponding Windows login ID of that user?  If I go to the survey in SharePoint and click on the name in the view, it takes me to a site-based user profile page that does show the account ID I want.  The page that displays appears to be a virtualized page like this "_layouts/userdisp.aspx?ID=1066".   What I really need is JOHN DOE's account ID like "domain\id". Can I get to this with the data I have available? Thanks

Service Account Passwords with Automated Install

  
I am trying to automate the install of SQL using a PowerShell scipt to call setup.exe using a ConfigurationFile.ini answer file.  For testing purposes I am not using a /q to make it silent so that I can make sure all of the data is correct on all of the different pages.  The file works fine except I always have to put the passwords in for the service accounts.  I am using a different domain account for each service.  When I try to put the passwords in the ConfigurationFile.ini, the setup always fails telling me (in the log file) "The credentials you have provided for the SQL Server Agent Service are invalid".  Am I going about this in the wrong way?

1511 Error on AppPool service account

  
How do I resolve the following error in the Windows application event log? This error occurs on the Web Application (managed) service account. Event Type: Error Event Source: Microsoft-Windows-User Profiles Service Event Category: None Event ID: 1511 Date:  6/08/2010 Time:  4:01:41 PM User:  [domain]\svcSharePointAppPool Computer: [my SP server] Description: The description for Event ID ( 1511 ) in Source ( Microsoft-Windows-User Profiles Service ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: The event log file is corrupt..

Does Cube Synchronization Support Network Service Account

  

Hi,

We are doing Cube Sync between 2 servers. Analysis Service on Both Machines are running under built in Network Service account. When i do cube sync i get following error;

Executing the query ...
Errors in the OLE DB provider. The server returned the following error:  (Either the user, DOMAIN\MACHINE$, does not have access to the Country database, or the database does not exist.).
Backup and restore errors: An error occurred while synchronizing the 'Country' database.
Execution complete

Does SSAS Sync supports using Network Service Account?

If Yes then how do i do this. I tried creating a role in SSAS database and Give Full Rights to Network Service account of source server but i keep getting error DOMAIN\MachineName$ not found.

Please advise.

Thanks


Amit

Item has already been added. Key in dictionary.. How do I clean up service account? Very nasty

  

I made a few changes in service accounts and now CA Configure Service Accounts and other application pages fail with wtth:

Item has already been added. Key in dictionary: 'dev\svcebrd'  Key being added: 'dev\svcebrd'

Here is what log says when FarmCredentialManagement.aspx opens:

SID |0 cannot be resolved. Using old name: |1. |2

System.ArgumentException: Item has already been added. Key in dictionary: 'dev\svcebrd'  Key being added: 'dev\svcebrd'    at System.Collections.SortedList.Add(Object key, Object value)     at Microsoft.SharePoint.WebControls.ManagedAccountPicker.OnInit(EventArgs e)     at System.Web.UI.Control.InitRecursive(Control namingContainer)     at System.Web.UI.Control.AddedControl(Control control, Int32 index)     at ASP._admin_farmcredentialmanagement_aspx.__BuildControl__control22(Control __ctrl)     at Microsoft.SharePoint.WebControls.InputFormControl.OnInit(EventArgs e)     at System.Web.UI.Control.InitRecursive(Control namingContainer)     at System.Web.UI.Control.AddedControl(Control control, Int32 index)     at ASP._admin_farmcredentialmanagement_aspx.__BuildControl__control16(Control __ctrl)     at Micros

Is there PowerShell command to change service application account?

  

I associated User Profile Synchronization Service with managed account "svcebrd" in CA. For some reason this created duplicated managed account. Now there are two "svcebrd" under Configure Managed Account. If I try do delete one of the accounts in CA I get "key has already been added in dictionary". Running Remove-SPManagedAccount fails with "The account Dev\svcebrd is still being used by ... User Profile Syncronization Service".

Does anybody know powershell command to changed service application account?

 


SQL Job not able to sen email after SQL Server Service Account change

  

Hi,

I changed on the SQL Server service account to a least priviledge domain user.  However after the change, one of my sqljob which use sp_send_dbmail is not functioning. after checking on the log, it mentioned no permission. i tried to set the MSSQLUser Group as db_owner of msdb database, but it was not helping. When i set the MSSQLUser group as sysadmin ,then only the job able to send email. what could be the least priviledge of the service account so that i able to send email via sql job?


Categories: 
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend