Who Is Running DTS And Job, Owner Or SQL Agent Account?
Dec 19, 2001
Hi everybody.
Need help with security
1. SQLAgent service = domain\My_local_admin
2. Job created
Owner: domain\SQLDBA
step1
exec sp_Who2
step2
Run DTS
a)Connect to ANOTHER_SQL_SERVER USING windows authentication
b) truncate table xxx
3. Run daily every 1 hr
1. Who will run job, domain\My_local_admin or domain\SQLDBA?
2. What account will be used to connect to ANOTHER_SQL_SERVER in step2?
We are running SQL Server 2012 on Windows 2008 Server. I created a credential with a proxy account. In creating the credential, it asked for an Identity and Secret. I used my Windows login and password. Now, I have tested the credential and proxy account by executing a job which calls an SSIS package. What is the 'best practice' to use when creating a credential? Should the credential be created with another Windows login, created with the same abilities as my Windows login, with a non-expiring password? Should that new Windows login be used as the owner of my job with the Agent?
Hi, I am using SqlCacheDependency with the query notifications of SQL Server 2005. It is working nicely with the dbo.owner account but not with my web user account, so I am thinking something is wrong with the permissions. After searching around, it seems that the main permissions to enable are these:
GRANT SUBSCRIBE QUERY NOTIFICATIONS TO theAccount
GRANT RECEIVE ON QueryNotificationErrorsQueue TO theAccount
GRANT REFERENCES on CONTRACT::[http://schemas.microsoft.com/SQL/Notifications/PostQueryNotification] to theAccount
GRANT SELECT TO theAccount
I enabled these and it still doesn't work. When I change my table, my cache is not getting invalidations. Does anyone know what could be going on? Or perhaps how can I trace the problem and get some clues? thanks so much, -tajmahal
Hi, can a SQL Server Agent job owner be a userid instead of sa? I tried to change it to my own userid with sysadmin role but the job wouldn't run unless it is owned by sa.
When I run a package from a command window using dtexec, the job immediately says success. DTExec: The package execution returned DTSER_SUCCESS (0). Started: 3:37:41 PM Finished: 3:37:43 PM Elapsed: 2.719 seconds
However the job is still in the agent and the status is executing. The implications of this are not good. Is this how the SQL Server Agent job task is supposed to work by design?
Setting up a test AlwaysOn Availability Group for one database.
However, whenever I restore the database to the replica server and join it, it ends up with my user account as the owner of the database.
Obviously I do not want a user account as the database owner, but since it is read-only I cannot modify it directly. If I were able to fail the AG over to the replica, I could change the owner then, but I cannot due to business requirements. This AG is to essentially serve as a replacement to log shipping.
I tried doing the backups and restores using EXECUTE AS login = 'sa', and yet it still shows up as my user account.
A job that is owned by Domain Admin runs Joe's job every night.
Joe has left the company and his account will be deleted.
2 Questions:
1. Will the job still be able to run the DTS package?
2. If I need to change the owner of Joe's DTS package, how do I do that? Just a simple 'Save as'? And if so, I will not be able to save the DTS package with the same name, and thereby the job will not recognize the new DTS package name. Will I have to re-schedule the new DTS package?
I have 2 servers that are members of the same AD Domain.
I need an account that can login to either one, but needs to be able to start a service, which my network admin says a local domain administrator cannot do.
So, I just decided to create an account with the same name, properties and password on both machines.
This I did. The account is a member of local Windows Administrator group on each server. Additionally, it is an SQL account on the SQL Server local instance, and a member of the SysAdmin group.
I can assign this account to SQL Server as the startup account (Log in with this account). That works fine. However, when I assign this account to SQL Server, then SQL Server Agent quits running. So I try to assign this same account to this service and I get an error that the account 'Unknown' cannot login and needs to be a member of the SysAdmin group!??
This is a completely confusing error message since the account is a Windows Admin, SQL Server SysAdmin account and can start SQL Server fine without a hitch.
If we were to assign permissions to a backup agent such as Backup Exec to backup the databases on the SQL server, what role would give the least amount but sufficient permissions to perform the backup? I know domain admin would make the agent a local admin and therefore allow it to back up the database but is there a role available to allow backup only?
Please note that I'm referring to a domain account used by Backup Exec to directly backup the databases rather than sql server agent.
Who needs to invoke the jobs in SQL05? Manually executing the job import_myteam as a user with dbo privileges fails. So, which user account should be assigned to successfully run scheduled jobs (ie, dbo)?
The package file for the job in question is located in the server's C:\Documents and Settings\userxyz\My Documents\Visual Studio 2005\Projects\Integration Services Project3\Integration Services Project3\MyTeam (1).dtsx, but this still fails when the user userxyz is logged on and is executing the job directly from the server console.
Step1 of the package executes as userxyz Step 2 fails and runs as cpmc-casql02
The user account userxyz has administrator rights to the server as well as being a sysadmin of the SQL2005 database (named cpcasql02).
The account cpmc-casql02 is a "public" user of the database and is a member of the administrator group on the server itself.
This same scenario carries for tasks as simple as truncating a table and importing the contents of another table in the same database.
All of these jobs exhibit the same behavior whether run directly from the server console or remotely from a workstation connected to the SQL2005 database.
Attempting to get a really simple job working, we also created a very simple SSIS package which does a select from a database table and writes the output to a text file. When running the same package from the user's workstation within Visual Studio, the package executes successfully. Once copied to the server, and run from within SQLServer as MyJunePackage however, the execution fails in the same manner as described above. The first step executes successfully as the logged-in user and the second fails executed under the account cpmc-casql02.
So, again we have the same behavior of sequential steps being run as different users with unsatisfactory results. Please advise as to how to set up these jobs to run correctly and consistently.
What is considered best practice for privileges etc. on the SQL Agent service account and long term need for that account to run SSIS packages? I tried to understand and appreciate the article at http://www.microsoft.com/technet/prodtechnol/sql/2005/newsqlagent.mspx but felt like either it was overkill or I wasn't getting it.
I'm thinking of using SQL Server Agent Service for my PDA app. But, I want to use different accounts for SQL Server and SQL Server Agent Service. How can we do this in SQL Server 2005? Do we do this when installing it? Thanks
Am trying to run SQL Server Agent with a service account which is not in the Administrators group. Have done the following:
1. Removed the service account from the Administrators group on the machine
2. Assigned sysadmin privileges to the service account
3. Added it to the SQLServer2005SQLAgentUser$ComputerName$MSSQLSERVER role
4. Through SQL Configuration Manager assigned this account to the SQL Server Agent service
However, this does not start the Agent as a service. What is it that is missing?
VS2005
Hi. If I run the below code (this simply connects to SQL Server and returns the user name the connection is made under):
Dim Connection As New SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings("LocalSqlServer").ToString)
Dim AttCommand As New SqlCommand("SELECT System_USER", Connection)
Connection.Open()
Dim AttendanceReader As SqlDataReader = AttCommand.ExecuteReader
AttendanceReader.Read()
Debug.Print(AttendanceReader.Item(0).ToString)
I get: MyDomain\pootle.flump
Which is the account I am running on the dev machine. I expected ASP.Net to run as ASPNET irrespective of the currently logged in account. Am I plain wrong? Do I need to change something in IIS? Do I need to change something in ASP.Net? Any help greatly appreciated. Thanks
Our system is MS SQL Server v7 and NT 4. We have a stored procedure that exec's xp_cmdshell to run an external program located on the server. When a user who has 'sa' rights runs this stored procedure it works fine. When a 'non-sa' user (via the "Builtin\Users" NT account) runs it, xp_cmdshell produces the following error:
Msg 50001, Level 1, State 50001 xpsql.c: Error 1385 from LogonUser on line 476
Is there an NT security or SQL Server setting I've overlooked that can be changed to allow non-sa users to xp_cmdshell programs?
n.b. The Builtin\Users account does already have execute permission on the xp_cmdshell procedure.
Using SQL Server 2005 with SP1, I have successfully managed to schedule jobs to run SSIS packages. They connect to another SQLServer 2000 box, using SQLOLEDB connection manager, to extract data and import it into SQL 2005. The protection level for the packages is Server storage so that the job is run under the SQL Agent account. This is a specific domain account so that it can access other servers.
However, using the same setup for a scheduled job to run an SSIS package which connects to another SQL Server 2000 box with connection manager SQL OLEDB, I get the following error message:
The AcquireConnection method call to the connection manager "xxx" failed with error code 0xC0202009.
As both the successful and failed jobs seem to have been set up in the same way with the same protection levels and are both run under a domain SQL Agent account, is there anything else I should be checking that I don't know about?
Hi. While hardening an MS-SQL 2000, I was faced with a problem and I'm completely lost! A few days of reading and Google searches didn't give me any hint...
Here's the scenario: MS-SQL is connected to Oracle through "MS OLE DB provider for Oracle". By default MS-SQL runs as SYSTEM, but even if we change it to a "local admin" account, everything works fine. The problem is that it's not wise to let sqlservice run under privileged accounts such as system or a member of 'local administrators'. So I tried a normal local user on the host running SQL. I fixed every related problem appearing because of using a limited user account and MS-SQL works fine in all aspects but one! While using a normal-user account, SQL Server fails to load linked servers and this error pops up in Enterprise Manager:
"OLE/DB Provider 'MSDAORA' IDBInitialize::Initialize returned 0x80004005: The provider did not give any information about the error."
I've tried much to find the root of this error (including any comments from related KB articles...) but no luck. My guess is that using OLE requires administrative privileges on the host, and as I'm running SqlService with a normal user, it fails to use OLE. So I should give the required permissions to the user running SqlService. But the problem is that I've no idea where/how I should do that. I've already tried some registry/file permissions but none of them helped me. Somewhere I read that using ODBC instead of OLE may help, but that seems to fail too!
*Note that I'm almost sure it's a problem OUT of the circle of MS-SQL, meaning any modifications should apply OUT of MS-SQL, because simply giving local administrative privileges to the user fixes the problem.
Hello everyone, I recently ran across a request to check if the SQL Server Agent is running on all the servers. I immediately thought about implementing that with SSIS, since I've accomplished such repetitive tasks before using SSIS. However, I'm unsure how to do it. My first approach was creating a script that would create a table with all services running on the machine using the DOS "SC" command. Now, I don't think that's going to do what I need, since it'll only give me a list of all the services installed on the machine, but there isn't a way to throw a where clause since I get a list of services and their attributes in a single field (see below).
I was wondering if anyone has run across such a request or if anyone has any ideas or suggestions.
This is what I get on my table in a single field when I run the SC command into a # table.
During install of SQL Server 2005, we can of course use a domain account or the built-in system account for running the services. I lean toward domain for obvious reasons but would like to know a +/- to each option and why I'd choose one over the other and what consequences or limitations one may encounter if I choose one over the other.
It is SQL Server 7. Scheduled jobs were running fine until the hard drive crashed. Replaced the hard drive and restored the databases. However, all the scheduled jobs cannot run. I created new jobs using database maintenance plan and it still doesn't work. The same error occurs when viewing the job history.
sqlmaint.exe failed. [SQLSTATE 42000] (Error 22029). The step failed.
However, if I create a job by right click on the database and select backup database. This job runs fine.
What should I do to make jobs created by the database maintenance plan running again?
Hello, I am having a problem with my sql server agent service not working. I have done some research from earlier postings and still having no luck with getting it up and running.
Problem: "Could not start the SQLSEVERAGENT service on local computer. could be an internal Windows errow or service error.
2006-05-09 14:23:55 - ! [298] SQLServer Error: 6, Specified SQL server not found. [SQLSTATE 08001] 2006-05-09 14:23:55 - ! [298] SQLServer Error: 11001, ConnectionOpen (Connect()). [SQLSTATE 01000] 2006-05-09 14:23:55 - ! [000] Unable to connect to server '\PROBLEMTRACK'; SQLServerAgent cannot start 2006-05-09 14:23:55 - ? [098] SQLServerAgent terminated (normally)
I have reset the password for the 'sa' account and running it and got error: Error 18456: login failed for user Specify a different account to be used. But when I try it only provides me with the 'sa' account.
My primary goal is to run some DMP on the databases that I have on the server.
I'm testing my IS package on my local PC which extracts data from one SQL Server table to another SQL Server database. In BIDS, it's running without error. I also tried it in cmd with DTExec /f "c:\package.dts", it also ran ok. I tried assigning it in SQL Agent as a job, with the same command DTExec. This time, it ran successfully but got 0 rows. I dunno what went wrong, why suddenly it cannot get data from the source.
We have a DTS which loads files using FTP to another server. This will be used by app groups and will be run via click of a button using sp_start_job.
Somehow the userid running the job gets "not sysadmin to run cmdshell.." To fix that, we granted it to execute the xp_cmdshell and also created a proxy account for SQL Agent which is an admin on server and SQL. However, still we get permission errors like "...The needed permission is missing to run command shell.." Please help. The DTS is being called from a SQL Agent job and we don't want an admin ID to be used.
If a job is currently running and I want to disable it so that it does not run as scheduled for the following night, will it disrupt the current process?