Re: Granting login and access privileges to LocalSystem

From: Eskimo (Eskimo_at_discussions.microsoft.com)
Date: 10/01/04

  • Next message: JJ Wang: "thank you so much, everyone!!"
    Date: Fri, 1 Oct 2004 08:15:05 -0700
    
    

    Hi Mary,

    Excellent suggestion! I have made it myself.

    The only thing stopping us: the Product Marketing group. They want us to be
    Windows security compliant. Which means we can't use trusted connections.
    Which in turn means we have to use Windows Authentication to connect (SQL
    Authentication, for now, is out of the question). Sigh!

    This is a security nightmare.

    Thanks for all your help.

    The Eskimo

    "Mary Bray" wrote:

    > I really don't think you can use the local system account. If you really
    > can't use a domain account to start the service (by far the best option) you
    > will need to use a SQL login.
    >
    >
    > "Eskimo" <Eskimo@discussions.microsoft.com> wrote in message
    > news:A74F5292-BDCC-4365-B7AE-4FEEDF9E2CCF@microsoft.com...
    > > Hi Mary,
    > >
    > > Here is the setup...
    > >
    > > Domain Controller :
    > >
    > > - Computers "Server1" and "Server2" are domain members.
    > > - "UserGroup1" global user group exists.
    > > - Computer "Server2" is a member of "UserGroup1"
    > >
    > > Server1 :
    > >
    > > - "SQLServer1" SQL Server 2000 instance installed.
    > > - "UserGroup1" has login permissions on "SQLServer1".
    > > - "UserGroup1" has read/write permissions on "Database1" database on
    > > "SQLServer1".
    > >
    > > Server2 :
    > >
    > > - Services started with login "LocalSystem" need to connect to
    > > "SQLServer1" using ODBC.
    > >
    > > This setup works sometimes and other times, it does not work. *I think*
    > > that anytime the 'sa' SQL Server account has a password (as recommended
    > > by Microsoft), the above setup fails.
    > >
    > > What I need to know is if it is possible to specifically give the
    > > "LocalSystem" account of "Server2" login permissions on the "SQLServer1"
    > > SQL Server instance.
    > >
    > > I thought that giving login permissions to "UserGroup1", which the
    > > "Server2" computer is a member of, was enough. But that is not the case.
    > >
    > > I am either missing something, or it is simply not possible to
    > > specifically allow a remote "LocalSystem" account to log in to a SQL
    > > Server instance.
    > >
    > > If you can, let me know if my situation is hopeless or if there is
    > > something else I can try.
    > >
    > > Cheers and thanks for your help,
    > >
    > > The Eskimo
    > >
    > > P.S. Using a domain account which is a member of the "UserGroup1" user
    > > group as the services' login on "Server2" is not an option. There are
    > > specific reasons, which I will not discuss here, why we are using the
    > > "LocalSystem" account as our services' login.
    > >
    > > "Mary Bray" wrote:
    > >
    > >> You need to run sql under a domain user account - local system cannot be
    > >> used for cross server communication.
    > >> What is it that you need SQL to do?
    > >>
    > >> "Eskimo" <Eskimo@discussions.microsoft.com> wrote in message
    > >> news:9E17CB4E-9A8B-4AE9-B75A-F0CB5C49AD0E@microsoft.com...
    > >> > Hi,
    > >> >
    > >> > Our software runs services that access a SQL Server 2000 database that
    > >> > is located somewhere on the domain. The services use the LocalSystem
    > >> > credential.
    > >> >
    > >> > How can I grant SQL login access and DB read/write access to a specific
    > >> > LocalSystem account on a SQL server?
    > >> >
    > >> > Example: On domain 'Domain1', I want to grant the LocalSystem account
    > >> > of the 'Server1' system login access to the SQL server located on the
    > >> > 'Server2' system.
    > >> >
    > >> > How can this be done?
    > >> >
    > >> > Thanks in advance for your help.
    > >> >
    > >> > --
    > >> > The Eskimo
    > >>
    > >>
    > >>
    >
    >
    >

