Re: SQLServerAgent Service

From: Mark J. McGinty (mmcginty_at_spamfromyou.com)
Date: 06/12/05

    Date: Sat, 11 Jun 2005 21:00:05 -0700
    
    

    "LvBohemian" <LvBohemian@discussions.microsoft.com> wrote in message
    news:391E1AEF-232B-439F-AA11-8FBD60628134@microsoft.com...
    > SQLServerAgent Service
    >
    > According to the following I can not run the SQLServerAgent Service with an
    > account that is not a member of the SysAdmin role...
    >
    > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/adminsql/ad_automate_3w8k.asp
    >
    > Has there been any update to this?
    >
    > This really blows!
    >
    > Has anybody found a way to run SQLServerAgent Service without it being a
    > member of the SysAdmin Role?

    That's a really poorly written article, and if by "system account" they
    meant the "LocalMachine" account it's inaccurate as well. LocalMachine is
    not a member of Administrators nor any other group by default, it is
    therefore not an automatic member of the sysadmin fixed server role, yet it
    functions perfectly well as the context for the SQL Agent service.

    If you have a problem with running services under LocalMachine, you have a
    problem with Windows in general. If you need to run it in an account other
    than LocalMachine (like say you need to access a network share from within a
    job) then an admin-level account may be the path of least resistance, but
    there are options, if you have the time and expertise to spend on it. It's
    merely a matter of sifting through the permissions and privileges necessary
    to do what SQL Agent has to do -- albeit a daunting task, but surely
    do-able.

    Remember that there is no shortage of fiction to be found in msdn, there are
    typos, there are articles that have become outdated or obsolete, there are
    items so enveloped in marketing hype that the occurrence of actual technical
    facts within them is nothing short of a miracle, and there are even
    "statements of fact" that are downright untrue -- case in point, the
    definition of the low-order 4 bytes of a SQL datetime field (it is not
    number of milliseconds, I can prove it in 4 lines of T-SQL script.)

    Bottom line, don't blindly accept everything you read, no matter how
    authoritatively written it is, even if you found it in msdn.

    -Mark

    > I am trying to lock down my SQL Server 2000 SP3a databases and this is a
    > major impasse for me!
    >
    > The last thing I want to do is run a service that has full access to
    > everything in my database!
    >
    > And at the minimum be a member of the machine local admin group...
    >
    > We all know if that account gets cracked they can pretty much take over
    > the world so to speak...
    >
    > There has to be some other way!
    >

