Re: Service account, again.....
From: John Alderson (jalderson.spamnot@adelphia.net)
Date: 12/31/02
- Next message: Sue Hoegemeier: "Re: ISA Server and SQL Server 2000 - conflict"
- Previous message: Tom Tornqvist: "Service account, again....."
- In reply to: Tom Tornqvist: "Service account, again....."
- Next in thread: Tom Tornqvist: "Re: Service account, again....."
- Reply: Tom Tornqvist: "Re: Service account, again....."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "John Alderson" <jalderson.spamnot@adelphia.net> Date: Tue, 31 Dec 2002 07:27:11 -0500
"Tom Tornqvist" <tom.tornqvist@tietoenator.com> wrote in message
news:#dzOw4LsCHA.1676@TK2MSFTNGP10...
> Hi!
>
> I'm a bit confused.... I want to have the SQL 2000 Server service running
on
> a local user account with no administrative privileges, but no matter
which
> advices I follow it doesn´t work. The platform is a Windows 2000 Server.
>
> Using the Enterprise manager, I change the "Start and run SQL Server in
the
> following account" to the local account which I have created. When I check
> the local security policies, the account has gained privileges to run as a
> service etc.
>
> I have checked the registry, the account has Full Controll on hives
needed,
> NTFS rights are OK and no errors in the event logs, except the supersocket
> info: failed to get exclusive port use.... This is, according to an
earlier
> message, generated because the account is not a local administrator.
>
> In the SQL error log, how ever, I find the following rows:
> Encountered an unexpected error while checking the sector size for file
> 'g:\MSSQL\data\tempdb.mdf'
> WARNING: problem activating all tempdb files. See previous errors.
Restart
> server with -f to correct the situation.
> CREATE DATABASE failed. Some file names listed could not be created. Check
> previous errors.
>
> I'm positive, that the service account has full controll on NTFS rights,
but
> still......
>
> If anybody has any suggestions, please.....!!!!
>
> Thanks guys, and a Happy New Year to all of U!!
>
> - Tomppa -
>
>
Tom,
Where does the service account have NTFS rights? Where is the SQL Server
data? You should enable Auditing on the volume and directory structure
where the SQL Data resides (hopefully not C:\). Go to Admin Tools - Local
Security Policy - Local Policy - Audit Policy and enable at least Failure
Auditing for Object Access. Then, from Windows Explorer, select the volume
where the SQL Data is, right click for Properties and choose the Security
tab. Click Advanced and the Auditing tab and select Everyone and enable
auditing for failures for all access types. Then restart SQL Server. The
Security Event Log should show you what rights aren't held.
If Everyone doesn't have any rights to the root of the partition where the
SQL Data is (Good config!), then you should grant the SQL Service account
LIST only from the root. SQL Server and esp. EM tend to walk down the
directory structure instead of going right for MSSQL\DATA\TEMPDB.MDF, etc.
Therefore, they need to be able to at least List contents from the root.
John Alderson
- Next message: Sue Hoegemeier: "Re: ISA Server and SQL Server 2000 - conflict"
- Previous message: Tom Tornqvist: "Service account, again....."
- In reply to: Tom Tornqvist: "Service account, again....."
- Next in thread: Tom Tornqvist: "Re: Service account, again....."
- Reply: Tom Tornqvist: "Re: Service account, again....."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
