Re: SQL DBA Permissions

From: Oli Restorick [MVP] (oli_at_mvps.org)
Date: 03/26/04

• Next message: Steven L Umbach: "Re: NTLMv2 vs. Kerberos (Sorry about the similarity)"
• Previous message: GX: "Re: NTLMv2 vs. Kerberos (Sorry about the similarity)"
• In reply to: Andrew Mitchell: "Re: SQL DBA Permissions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 26 Mar 2004 18:29:29 -0000

I've had SQL Server 2000 running under an account that's only a member of
the guests group on the box, with the only side-effect that I could see
being a message in the event log when the service started regarding port
1433 and being unable to attach permanently (sorry, being very vague here).
Anyway, it certainly was listening on the right port and I couldn't find any
problems for my particular application.

Bear in mind I'm no SQL Server expert, though. You might be better off
asking in one of the SQL Server groups.

Regards

Oli

"Andrew Mitchell" <amitchel@removecasey.vic.gov.au> wrote in message
news:Xns94B9B2243019casey01@207.46.248.16...
> "Oli Restorick [MVP]" <oli@mvps.org> said
>
>
> > You are talking about the account your DBA uses to log on and not the
> > SQL Server service account (which requires surprisingly low privileges
> > at the machine it's running on), aren't you?
> >
>
> While we're on the subject, what permissions does the service account for
SQL
> require?
> I recently attended the MS security presentation in Melbourne, and we were
> advised that the service acct only needs restricted privileges, but I have
> been unable to find out exactly what it needs.
>
> It would be nice if MS provided a web page stating what the various
services
> (SQL, Exchange, SMS etc.) need in order to operate correctly. Having it
all
> listed on one page would make it very convenient.
>
> Andy.

• Next message: Steven L Umbach: "Re: NTLMv2 vs. Kerberos (Sorry about the similarity)"
• Previous message: GX: "Re: NTLMv2 vs. Kerberos (Sorry about the similarity)"
• In reply to: Andrew Mitchell: "Re: SQL DBA Permissions"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: SMS_MP_Control_Manager Errors ... A colleage of mine figure it out, it was "local security policy" problem, he ... IUSR_"Computer account" must be able to access the computer from the network. ... delete the Guests group from it. ... Verify that the SQL server is properly configured to ... (microsoft.public.sms.admin) Re: Error 15401 using sp_grantlogin (not addressed by current KB articles) ... Restarting Windows 2000 resolved the problem for this particular account, ... confused when it sees a duplicate SID. ... > One way to get SQL Server to agree with the renamed NT ... > Preview (to ensure the script was created), ... (microsoft.public.sqlserver.security) Re: SharePoint V3 Install Error ... But it our case it had to do with Group Policies that forbid the account of ... WSS FAQ:www.wssv3faq.com/wss.collutions.com ... Event Source: WindowsSharePointServices3Search ... whatever you are installing WSS as sufficient rights to the SQL Server ... (microsoft.public.sharepoint.windowsservices) RE: Problems with WebParts ... to a database called aspnetdb. ... > The connection string specifies a local SQL Server Express instance using a ... > server account must have read and write access to the applications directory. ... > This is necessary because the web server account will automatically create ... (microsoft.public.dotnet.framework.aspnet) Re: Cannot connect to Query Analyzer ... For Query Analyzer, I tried replacing the file as you suggested but had the ... same results (Enterprise Manager starts up fine, ... I created an account on my laptop and changed SQL ... Try replacing the MMC app for SQL Server from the original ... (microsoft.public.sqlserver.connect)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint