Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

SQL Server 2008 - SqlServerSQLAgent$TOMMY$MSSQLSERVER2008 folder ACL Expand / Collapse
Author
Message
Posted Monday, January 14, 2013 11:37 PM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Friday, November 21, 2014 1:40 AM
Points: 94, Visits: 410
Hi Guys,
I created 2 local windows accounts in my laptop, both accounts are in users group.

I installed SQL Server 2008 with the below startup accounts assigned:
- SQL_ENGINE - to start db engine
- SQL_AGENT - to start SQL Agent

As part of hardening requirement, i removed the "users group" permission from the binn folder.
After removing, I'm not to startup the AGENT - error5: access is denied.
Have no problem starting up SQL Engine though.

From my investigation, the issue is due to "SqlServerSQLAgent$TOMMY$MSSQLSERVER2008" not having access to the binn folder. It is working before hardening as the binn folder has users group permission and SQL_AGENT belongs to the group.

My question is, why doesn't SQL Server grant "SqlServerSQLAgent$TOMMY$MSSQLSERVER2008" access to binn folder by default? I thought is should do so by default? Only "SQLServerMSSQLUser$TOMMY$MSSQLSERVER2008" is granted so no issue with DB Engine started up after hardening.

Folder:
D:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER2008\MSSQL\Binn

Hope someone understand what I'm trying to explain.

thanks
thanks
Post #1407043
Posted Tuesday, January 15, 2013 5:51 AM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Friday, November 21, 2014 1:40 AM
Points: 94, Visits: 410
anyone can advise?
thanks
Post #1407205
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse