Who Is Running DTS And Job, Owner Or Sql Agent Account ?
Dec 19, 2001
Hi everybody.
Need help with secuity
1. SQLAgent servive = domainMy_local_admin
2. Job created
Ownner: domainSQLDBA
step1
exec sp_Who2
step2
Run DTS
a)Connect to ANOTHER_SQL_SERVER USING windows authentication
b) truncate table xxx
3. Run daily every 1 hr
1. Who will run job, domainMy_local_admin or domainSQLDBA ?
2. What account will be used to connect to ANOTHER_SQL_SERVER in step2
thank you
View 1 Replies
ADVERTISEMENT
Aug 12, 2014
We are running SQL Server 2012 on Windows 2008 Server. I created a credential with a proxy account. In creating the credential, it asked for an Indentity and Secret. I used my windows login and password. Now, I have tested the credential and proxy account by executing a Job which calls a SSIS Package. What is the 'best practice' to use when creating a credential? Should the credential be created with another windows login, created with the same abilities as my windows login, with a non-expiring password? Should that new windows login be used as the owner of my job with the Agent?
View 8 Replies
View Related
Jul 5, 2007
Hi,
I am using SqlCacheDependency with the query notifications of SQL server 2005.
It is working nicely with the dbo.owner account but not with my web user account,
so I am thinking something is wrong with the permissions.
After searching around, it seems that the main permissions to enable are these:
GRANT SUBSCRIBE QUERY NOTIFICATIONS TO theAccount
GRANT RECEIVE ON QueryNotificationErrorsQueue TO theAccount
GRANT REFERENCES on CONTRACT::[http://schemas.microsoft.com/SQL/Notifications/PostQueryNotification] to theAccount
GRANT SELECT TO theAccount.
I enabled these and it still doesn't work. When I change my table, my cache is not getting invalidations.
Does anyone know what could be going on? Or perhaps how can I trace the problem and get some clues?
thanks so much,
-tajmahal
View 3 Replies
View Related
Nov 7, 2001
Hi, can a SQL Server Agent job owner be a userid instead of sa? I tried to changed it to my own
userid with sysadmin role but the job wouldn't run unless it is own by sa.
View 1 Replies
View Related
Nov 30, 2006
when I run a package from a command window using dtexec, the job immediately says success.
DTExec: The package execution returned DTSER_SUCCESS (0).
Started: 3:37:41 PM
Finished: 3:37:43 PM
Elapsed: 2.719 seconds
However the Job is still in th agent and the status is executing. The implications of this are not good. Is this how the sql server agent job task is supposed to work by design.
Thanks,
Larry
View 1 Replies
View Related
Sep 5, 2014
Setting up a test AlwaysOn Availability Group for one database.
However, whenever I restore the database to the replica server and join it, it ends up with my user account as the owner of the database.
Obviously I do not want a user account as the database owner, but since it is read-only I cannot modify it directly. If I were able to fail the AG over to the replica, I could change the owner then, but I cannot due to business requirements. this AG is to essentially serve as a replacement to log shipping.
I tried doing the backups and restores using EXECUTE AS login = 'sa', and yet it still shows up as my user account.
View 2 Replies
View Related
Mar 15, 2004
I have a DTS package that is owned by Joe.
A job that is owned by Domain Admin runs Joe's job every night.
Joe has left the company and his account will be deleted.
2 Questions:
1. Will the job still be able to run the DTS package ?
2. If I need to change the owner of Joe's DTS package, how do I do that ?..just a simple 'Save as' ?..and if so, I will not be able to save the DTS package with the same name...and thereby the job will not recognize the new DTS package name...will I have to re-shedule the new DTS package ?
thank you
View 6 Replies
View Related
Jul 26, 2004
Hi,
I am trying to get the sql agent account to log on with a domain account, but the error I am getting is:
SQLServerAgent could not be started (reason: Unable to connect to server '(local)'; SQLServerAgent cannot start).
View 8 Replies
View Related
Aug 28, 2007
Hi all,
Please let me know what specific privileges an user account needs to be used as LOG ON AS account for SQL Server Agent in SQL Server 2005.
Does the account needs to me in the domain administrator group?
Thanks,
Hariarul
View 2 Replies
View Related
Feb 28, 2007
Well, this is very confusing.
I have 2 servers that are members of the same AD Domain.
I need an account that can login to either one, but needs to be able to start a service, which my network admin says a local domain administrator cannot do.
So, I just decided to create an account with the same name, properties and password on both machines.
This I did. The account is a member of local Windows Administrator group on each server. Additionally, it is an SQL account on the SQL Server local instance, and a member of the SysAdmin group.
I can assign this account to SQL Server as the startup account (Log in with this account). That works fine.
However, when I assign this account to SQL Server, then SQL Server Agent quits running. So I try to assign this same account to this service and I get an error that the account 'Unknown' cannot login and needs to be a member of the SysAdmin group!??
This is a completely confusing error message since the account is a Windows Admin, SQL Server SysAdmin account and can start SQL Server fine without a hitch.
Anyone else having this very annoying problem ?!
View 1 Replies
View Related
Aug 28, 2007
Hi all,
Please let me know what specific privileges an user account needs to be used as a LOG ON AS account for SQL Server Agent in SQL Server 2005.
Does the account needs to me in the domain administrator group?
Thanks,
DBLearner
View 2 Replies
View Related
Dec 11, 2007
Hi,
If we were to assign permissions to a backup agent such as Backup Exec to backup the databases on the SQL server, what role would give the least amount but sufficient permissions to perform the backup? I know domain admin would make the agent a local admin and therefore allow it to back up the database but is there a role available to allow backup only?
Please note that I'm referring to a domain account used by Backup Exec to directly backup the databases rather than sql server agent.
Thanks.
View 2 Replies
View Related
Jun 26, 2007
Who needs to invoke the jobs in SQL05? Manually executing the job import_myteam as a user with dbo privileges fails. So, which user account should be assigned to successfully run scheduled jobs (ie, dbo)?
The package file for the job in question is located in the server€™s C:Documents and SettingsuserxyzMy DocumentsVisual Studio 2005ProjectsIntegration Services Project3Integration Services Project3MyTeam (1).dtsx, but this still fails when the user userxyz is logged on and is executing the job directly from the server console.
Step1 of the package executes as userxyz
Step 2 fails and runs as cpmc-casql02
The user account userxyz has administrator rights to the server as well as being a sysadmin of the SQL2005 database (named cpcasql02).
The account cpmc-casql02 is a €śpublic€? user of the database and is a member of the administrator group on the server itself.
This same scenario carries for tasks as simple as truncating a table and importing the contents of another table in the same database.
All of these jobs exhibit the same behavior whether run directly from the server console on remotely from a workstation connected to the SQL2005 database.
Attempting to get a really simple job working, we also created a very simple SSIS package which does a select from a database table and writes the output to a text file. When running the same package from the user€™s workstation within Visual Studio, the package executes successfully. Once copied to the server, and run from within SQLServer as MyJunePackage however, the execution fails in the same manner as described above. The first step executes successfully as the logged-in user and the second fails executed under the account cpmc-casql02.
So, again we have the same behavior of sequential steps being run as different users with unsatisfactory results. Please advise as to how to set up these jobs to run correctly and consistently.
Thanks very much,Eric W
View 1 Replies
View Related
Apr 12, 2008
what is considered best practice for privileges etc on the sql agent service account and long term need for that account to run ssis packages? I tried to understand and appreciate the article at http://www.microsoft.com/technet/prodtechnol/sql/2005/newsqlagent.mspx but felt like either it was overkill or I wasnt getting it.
View 11 Replies
View Related
Mar 11, 2008
I'm thinking of using SQL Server Agent Service for my PDA app. But, I want to use different accounts for SQL Server and SQL Server Agent Service. How can we do this in SQL Server 2005? Do we do this when installing it? Thanks
View 3 Replies
View Related
Jul 26, 2007
Am trying to run SQL Server Agent with a service account which is not in the Administrators group. Have done the following -
1. Removed the service account from the Administrators group on the machine
2. Assigned sysadmin privileges to the service account
3. Added it to the SQLServer2005SQLAgentUser$ComputerName$MSSQLSERVER role
4. Through SQL Configuration Manager assigned this account to the SQL Server Agent service
However, this does not start the Agent as a service. What is it that is missing?
View 4 Replies
View Related
Jul 10, 2006
Hello,
I need to allow SQL server 2005 to open a file in a shared directory. Any assistance or help will be greatly appreciated!
View 10 Replies
View Related
Jun 27, 2006
VS2005Hi
If I run the below code (this simply connects to SQL Server and returns the user name the connection is made under): Dim Connection As New SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings("LocalSqlServer").ToString)
Dim AttCommand As New SqlCommand("SELECT System_USER", Connection)
Connection.Open()
Dim AttendanceReader As SqlDataReader = AttCommand.ExecuteReader
AttendanceReader.Read()
Debug.Print(AttendanceReader.Item(0).ToString)I get:
MyDomainpootle.flump
Which is the account I am running on the dev machine. I expected ASP.Net to run as ASPNET irrespective of the currently logged in account. Am I plain wrong? Do I need to change something in IIS? Do I need to change something in ASP.Net?
Any help greatly appreciated
Thanks
View 3 Replies
View Related
Dec 17, 1999
Our system is MS SQL Server v7 and NT 4. We have a stored procedure that exec's xp_cmdshell to run an external program located on the server. When a user who has 'sa' rights runs this stored procedure it works fine. When a 'non-sa' user (via the "BuiltinUsers" NT account) runs it, xp_cmdshell produces the following error:
Msg 50001, Level 1, State 50001
xpsql.c: Error 1385 from LogonUser on line 476
Is there an NT security or SQL Server setting I've overlooked that can be changed to allow non-sa users to xp_cmdshell programs?
n.b. The BuiltinUsers account does already have execute permission on the xp_cmdshell procedure.
View 3 Replies
View Related
Jul 23, 2015
Without going to services.msc / configuration manager, is there anyway to know the service account through which SQL server is running?
View 6 Replies
View Related
Apr 28, 2006
Hi
Using SQL Server 2005 with SP1, I have successfully managed to schedule jobs to run SSIS packages. They connect to another SQLServer 2000 box, using SQLOLEDB connection manager, to extract data and import it into SQL 2005. The protection level for the packages is Server storage so that the job is run under the SQL Agent account. This is a specific domain account so that it can access other servers.
However, using the same setup for a scheduled job to to run an SSIS package which connects to another SQL Server 2000 box with connection manager SQL OLEDB, I get the following error message:
The AcquireConnection method call to the connection manager "xxx" failed with error code 0xC0202009.
As the both the successful and failed jobs seem to have been set up in the same way with the same protection levels and are both run under a domain sql agent account, is there anything else I should be checking that I don't know about?
Any help is much appreciated!
View 3 Replies
View Related
Nov 15, 2007
Hello,
I am totally confused by what account I should be running my sql server database and my business layer service as.
I take it that when installing sqlserver and my service that I should be logged in as administrator.
Should I be using "Local Service", "Local System" or "Network Service" to run these processes as?
Summary of my business layer service
* Clients connect to this service on a tcp/ip port
* It accesses the file system
* it connects to the database
Thanks,
JP
View 4 Replies
View Related
Apr 24, 2007
Hi.
While hardening a ms-sql2000 , I faced with a problem and I`m completely lost !
few days of reading and google searchs didn't gave me any hint...
Here's the scenario :
Ms-sql is connected to Oracle , through "MS OLE DB provider for Oracle" .
By default MS-SQL runs as SYSTEM , but even if we change it to a "local admin"
account , everything works fine .
The problem is that it's not wise to let sqlservice to run under privilaged accounts such
as system or a member of 'local administrators' . So I tried a normal local user on the
host running sql . I fixed every related problem appearing because of using a limited user
account and ms-sql works fine in all aspects but one !
While using normal-user account , sql-server fails to load linked-servers and this error
pops up in enterprise-manager :
"OLE/DB Provider 'MSDAORA' IDBInitialize::Initialize returned 0x80004005:
The provider did not give any information about the error."
I've tried much to find root of this error ( including any comments from related KB articles... ) but no luck . My guess is that , using OLE requires administrative privileges on host , and as I'm running SqlService with normal user, it fails to use OLE. So I should give requried permissions to the user running SqlService . But the problem is that I've no idea where/how I should do that. I've already tried some registry/file permissions but non of them helped me.
Some where I red that using ODBC instead of OLE may help , but that seems fail too !
*Note that I'm almost sure it`s a problem OUT of circle of ms-sql , meaning any modifications should apply OUT of ms-sql , because simply giving local administrative privileges to the user, fix the problem.
Any comments?
regards
Hamid.K
View 4 Replies
View Related
Apr 28, 2007
Hi ,
I've asked about my problem previously in "sql server security" forum ,but
no hint . so I've been redirected here .
here's my problem :
http://forums.microsoft.com/msdn/showpost.aspx?postid=1513189&SiteID=1
View 2 Replies
View Related
Apr 24, 2008
Hello everyone,
I recently ran across with a request to check if the SQL Server Agent is running on all the servers, I immediately thought about implementing that with SSIS, since I've accomplished such repetitive task before with using SSIS.
However, I'm unsure on how to do it, my first approach was creating a script that would create a table with all services running on the machine using the DOS "SC" command, now, I don't think that's going to do what I need, since it'll only give me a list with all the services installed on the machine, but there isn't a way to throw a where clause since I get a list of services and its attributes on a single field (See below).
I was wondering if anyone has ran across such request or if anyone has any ideas or suggestions.
This is what I get on my table in a single field when I run the SC command into a # table.
SERVICE_NAME: SQLSERVERAGENT
DISPLAY_NAME: SQLSERVERAGENT
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
Thanks,
One thing to keep in mind, I have both, 2000 and 2005 servers on my environment. *
---
http://www.ssisdude.blogspot.com/
View 1 Replies
View Related
Jan 5, 2006
During install of SQL Server 2005, we can of course use a domain account or the built-in system account for running the services. I lean toward domain for obvious reaons but would like to know a +/- to each option and why I'd choose one over the other and what consequences or limitations one may encounter if I choose one over the other.
View 6 Replies
View Related
Feb 9, 2007
I have created a job that runs this code:
exec master..xp_cmdshell 'D:Trace_outputAuto_perfmonAutoperfmon.bat'
This runs fine as long as I place the counter.txt file in the windowssystem32 dir.
The bat file has this code:
typeperf -cf counter.txt -o D:Trace_outputAuto_perfMonautoperf
This starts without any issues and i see typeperf.exe in the taskmanger.
The question i have is how can i stop this without having to go into taskmanager and killing typeperf.exe?
thanks for your time
View 1 Replies
View Related
Jan 10, 2006
It is SQL server 7. Scheduled jobs were running fine until the hard drive crasked. Replace the hard drive and restored the dabases. However, all the scheduled jobs cannot run. I created new jobs using database maintenance plan and it still doesn't work. the same error occurs when viewing the Job history.
sqlmaint.exe failed. [SQLSTATE 42000] (Error 22029). The step failed.
However, if I create a job by right click on the database and select backup database. This job runs fine.
What should I do to make jobs created by the database maintenance plan running again?
Thank you for your help.
View 9 Replies
View Related
May 9, 2006
Hello, I am having a problem with my sql server agent service not working. I have done some research from earlier postings and still having no luck with getting it up and running.
Problem:
"Could not start the SQLSEVERAGENT service on local computer. could be an internal Windows errow or service error.
2006-05-09 14:23:55 - ! [298] SQLServer Error: 6, Specified SQL server not found. [SQLSTATE 08001]
2006-05-09 14:23:55 - ! [298] SQLServer Error: 11001, ConnectionOpen (Connect()). [SQLSTATE 01000]
2006-05-09 14:23:55 - ! [000] Unable to connect to server '\PROBLEMTRACK'; SQLServerAgent cannot start
2006-05-09 14:23:55 - ? [098] SQLServerAgent terminated (normally)
I have reset the password for the 'sa' account and running it and got error: Error 18456: login failed for user Specify a different account to be used.
But when I try it only provides me with the 'sa' account.
My primary goal is to run some DMP ion the databases that I have on the server.
Any help would be appreciated.
View 4 Replies
View Related
Aug 28, 2007
Hi,
I'm testing my IS package in my local PC which extracts data from one SQL Server table to another SQL Server database. In BIDS, it's running without error. I also tried it in cmd with DTExec /f "c:package.dts", it also ran ok. I tried assigning it in SQL Agent as job. with same command DTExec. This time, it ran successfully but got 0 rows. I dunno what went wrong, why suddenly it cannot get data from the source.
Any idea?
thanks!
cherriesh
View 3 Replies
View Related
Feb 28, 2005
We have a DTS which loads files using FTP to another
server. This will be used by app groups and will be run
via click of button using sp_start_job,
Somehow the userid running the job gets "not sysadmin to
run cmdshell.." Top fix that, we granted it to execute the
xp_cmdshell and also created a proxy account for SQL Agent
which is an admin on server and sql. However, still we get
permission errors like "...The needed permission is
missing to run command shell.." Please help . The DTS is
being called from SQl Agent job and we don't want an admin
ID to be used .
View 1 Replies
View Related
Dec 5, 2007
If a job is currently running and I want to disable it so that it does not run as scheduled for the following night, will it disrupt the current process?
View 1 Replies
View Related