Service User Accounts, Mapped Drives, Backups Question
Jun 26, 2007
This has been extremely confusing for me.
I want to just make a simple backup.
first of all when i choose the pick a folder to backup, no mapped drives I make are even THERE.
I realize this is probably related to the account being used, okay I thought let me change the user account to a network admin account... I still cannot see the drive.
Can't this thing just accept whatever I tell it to access like any other program??
You would think they would at least keep the standard Open File dialog so we can use the network browser or something...
I've changed my accounts all to NETWORK SERVICE, then LOCAL SYSTEM, then a DOMAIN ADMIN...
I can't get this to work correctly on this freshly installed server... can someone please help?
I'm at the point where I don't care if i have to just re-install the damn thing...
Just someone please tell me what to pick for the accounts.
Bonus: I have this same issue with reporting services and Services for Unix NFS Mapped drives.
How can I map a drive with NETWORK SERVICE Credentials so it finds the datasource path?
I've only been able to do something like this with psexec and Local System.
When logged in as Domain Admin it will show a disconnected network drive that you cant get rid of but system account can use.
I mapped a drive on to my SQL Server box. It points to another server from the same domain. When I try to backup or restore a database, I can't see this mapped drive through my SQL Server. Even if I type the entire path, SQL Server wouldn't take it. I don't have a clue about why it is not working. Can anyone throw some light on this. Your help is grately appreciated.
i have a sql cluster setup, and need to change the user account that sqlserver starts with....any ideas? i screwed up and left it using localsystem account and now i can`t get sqlmail to work. i`m trying to avoid having to create the cluster again. any info appreciated.......jim jones
set up asp .net user account on sql server 2005Question:
I've read the instructions in this article: http://www.netomatix.com/Development/aspnetuserpermissions.aspxBut do not know how to do this:You can grant 'Network Service' or 'ASPNET' user accounts permissions to connect to database.Please provide example on how to do this, thanks!
I have tried doing sql server backups to a file share and that has been taking too long. So I've decided to backup locally and then taking those backups and getting them off the server. For those that are doing this what do you use to get your backups off the server?
Msg 15466, Level 16, State 2, Procedure sp_addlinkedsrvlogin, Line 91 An error occurred during decryption. Msg 15185, Level 16, State 1, Procedure sp_addlinkedsrvlogin, Line 98 There is no remote user 'beg' mapped to local user '(null)' from the remote server 'QRY1'.
I am currently hardening our SQL 2012 (with AlwaysOn Availability Groups) environment. Both the SQL service and agent account are using service accounts (only domain user). SQL browser service is disabled. Permissions to all roles are handled by using domain groups.
Currently a lot of (default) NT Service accounts are listed (some with sysadmin privileges). Are there accounts that can be removed?
I am trying to add a linked server from a AMD x64 server (Windows 2003) with SQL Server 2005 64 bit to a Server running SQL 2000. These are not in the same domain.
I can create a linked server using the option "Be made using the login's current security context" but can not when trying to specify the security context, i.e. sa and the sa password. When I try I get the following message:
Msg 15185, Level 16, State 1, Procedure sp_addlinkedsrvlogin, Line 98 There is no remote user 'sa' mapped to local user '(null)' from the remote server 'DTS_FSERVER'.
I have several other x64 server that I have no problem creating a linked server and specifying sa and the sa password.
The problem with using "the login's current security context" option is that I get an error when trying to run any Jobs against the linked server. The job fails withe the following error:
Executed as user: NT AUTHORITYSYSTEM. Access to the remote server is denied because no login-mapping exists. [SQLSTATE 42000] (Error 7416). The step failed.
I'm sure the two errors are related. Any ideas what is going on?
If a user is mapped to "master", (in login properties, user mapping) are they able to access all dbs, even though "master" is the only one with the check mark?
Is it possible to have a different account for the accoutn that starts the MSSQLServer service and the account tied to the Mail profile on the server?
We had created an account to start the SQLServer but we are in a network where we have a 1 way trust with another domain, we trust them but they dont trust us, and our exchange is on their domain.
WE currently use Windows authentication so our account used to start SQL Server would not be trusted by exchange.
Our thoughts on a solution were to have them create a service account that we would have access to the mailbox and would also start the SQL Server but thats it.
I was just wondering if anyone else had any other suggestions.
Hi Everyone. I have 150 SQL servers (2000 MSDE). They all run using various domain accounts as their service logins. Is there an automated way to find out those service logins? Maybe a query I could run on each server? I really do not want to go to each of those 150 servers and look at their properties manualy! :S Any help would be greatly appreciated! Thank you.
Trying to install Backup Exec 12 which comes bundled with SQL Server 2005 Express. OS is a clean install of Swedish Windows Server 2003 Std R2, fully patched.
SQL fails to install, and the following is in the SQL summary-log:
Product : Microsoft SQL Server 2005 Express Edition Product Version : 9.2.3042.00 Install : Failed Log File : C:ProgramMicrosoft SQL Server90Setup BootstrapLOGFilesSQLSetup0002_VAXSRV02_SQL.log Last Action : Validate_ServiceAccounts Error String : SQL Server Setup could not validate the service accounts. Either the service accounts have not been provided for all of the services being installed, or the specified username or password is incorrect. For each service, specify a valid username, password, and domain, or specify a built-in system account. The logon account cannot be validated for the service SQL Server. Error Number : 28075
Since the installation of SQL is bundled with the Backup Exec installation, there is no(?) possibility for me to specify usernames for the different services. The Backup Exec installation is initiated under the Domain Admin's login.
I suspect the problem occurs because of the OS not being English, but I am not sure. Have installed earlier versions of Backup Exec with SQL Server 2005 Express, on Swedish Windows Server 2003, before without issues. No help at Veritas/Symantec's homepage.
I have been reading through many postings here, through the MS SQL Server Unleashed book by SAMS, the MS SQL Tech article "Failover clustering for Microsoft SQL Server 2005 and SQL Server 2005 Analysis Services" for installing a brand new SQL 2005 2 node cluster.
So far I have not found the definitive answer that I am looking for and that is, what rights does the SQL service account need to work properly? One article states that it needs both Domain Admin permissions and local admin permissions (and this is a domain account by the way) and then another article states that it only needs domain users group permissions and the least amount of privledges possible.
Can anyone please tell me what is correct for installation and running the server? The more I read about this the more confused I get.
My 3rd party backup product uses a non-service account login to perform tasks. If the account that it uses has been granted Perform Volume Maintenance tasks on the server, will it use IFI when restoring? Or do I need to have it use the service account login specifically to benefit from that?
Installed sql server 2012 enterprise. Runs with the built in account fine.
I tried entering a domain account to run as the service account from sql configuration it fails with the error "the specified network password is not correct".
I tried from services.msc and entered successfully but when I try to restart it fails that the log in credentials are wrong.
the domain account and password I entered are just fine. What's it I should do or missing?
This is the 1st time we are building a active/passive cluster with 1 node each. we usually install default instance and setup domain account as service account which will have an spn delegated. Now for active/passive cluster is it ok to use same domain account as service account for both clusters with both creating as default instance again as the windows was built as SERVER1 and SERVER2.
We have defined a local administrator to be the SQL Server and SQL Server Agent services user, and is also the job step owner for some SSIS packages I am running.
My question is, isn't by default a local administrator ALSO granted sysadmin in SQL Server? According to this link, it seems to imply this:
However, I am having some permissions problems with the local adminstrator account (i.e. SQL Server agent account) when it runs the job. The error is that it doesn't have execute permissions on sp_dts_addlogentry.
In SQL 2005, is this an acceptable (prefered) way to give an application account EXEC permissions for sprocs and funcs in a specific database?
CREATE ROLE db_executor GRANT EXECUTE TO db_executor
And then of course assign my user to this role on the database level.
I am trying to get away from adding exec to every sproc "manually" and then of course also having to add exec for any new sprocs that get added into the database.
I am doing an unattended upgrade of Sql Express with Advanced Services SP1. Before the upgrade the services run under domain accounts. I use the following command :
However after the ugrade the service accounts are running under local system.
Documentation is unclear, i find the following:
; The services for SQL Server and Analysis Server are set auto start. To use the *ACCOUNT settings ; make sure to specify the DOMAIN, e.g. SQLACCOUNT=DOMAINNAMEACCOUNT ; NOTE: When installing SQL_Engine 3 accounts are REQUIRED: SQLACCOUNT, AGTACCOUNT and SQLBROWSERACCOUNT. ; SQLACCOUNT Examples: ; SQLACCOUNT=<domainuser> ; SQLACCOUNT="NT AUTHORITYSYSTEM" ; SQLACCOUNT="NT AUTHORITYNETWORK SERVICE" ; SQLACCOUNT="NT AUTHORITYLOCAL SERVICE"
To my knowledge the <> is not required. Can someone please help as i cannot get the services accounts to run under a domain user after upgrade.
My company doesn't allow using Local Service / Network Service accounts for SQL Server. So I created domain service accounts. Can multiple SQL Server installations use the same domain service accounts ?
I am copying a database to an alternate server by restoring a full backup onto the new server. However, whether I create the logins prior to the restoration or not the user accounts in the database no longer map to logins in the master.
Unfortunately it is not simply a case of dropping the acounts as they own objects in the database.
My best solution to date has been to use the sp_addalias to alias logins of the same name to the original user. However this is a far from ideal situation as one cannot readily tell that the logins are aliased and there must be an additional overhead in doing this.
Ok. So we just moved over one DB from our original server to another server. The DB copied over fine.
Our next step is trying to see if there is a way to move accounts. Is that possible?
We have about 40 accounts (using SQL authentication) on the original server. Is there a way to move or copy those accounts to the new SQL server that is holding that same DB?
Haven't found anything in the Enterprise manager, so im thinking it will be something to do in the SQL analyzer.
My lack of knowledge in SQL is not helping me much here.
We are moving from Oracle to SQL Server 2005 for our next release and I'm looking for content that describes creating Logins, creating User accounts and what approach to take if the database is using windows authentication vs. SQL authentication.
I setup SQL Server 2012 on Windows Server 2012 with the service accounts in the local Administrator group, but now that I'd like to remove the accounts from this group I'm finding they don't have the appropriate access to the network storage. notes on setting the per-service SID's for SQL (SQL Engine, Analysis Services, Reporting Services, and Agent Service) so they can read the Data, Log, and TempDB mount points?
I am attempting to use Visual Web Developer Express with a connection to a SQL Express db from a non-admin account on my XP Pro SP2 machine.
I can do everything in the app under an admin login, but can't seem to configure the db to allow the non-admin account access to the db. I've tried tweaking WMI, using Network Service, Local Service, and Local System with NT AUTHORITY, individual logins, and group permissions, but I'm stuck.
