How to set permissions so a Windows Service can access my database?
-
Hi,
I'm developing a windows service that is run using the Network Service account (NT AUTHORITY\NetworkService), and it needs to access my SQL Server database to
insert/select rows from one table.
However, when the service tries to access the database, it fails to connect with
the following message:
"Login failed for user 'my_domain_name\my_machine_name$'"
I've tried adding the NetworkService as a login to the database, but this doesn't
help, and obviously adding a login for my_domain\my_machine will only work for me
and not whoever installs the DB.
Does anyone have any experience of setting up the correct permissions to do this,
or any suggestions about the way to access the login name that the machine will
use to run the service (I thought it'd be NetworkService, clearly I was wrong
)My installation is SQL Express 2005, and the SQL service itself is also running
using the Network Service account.
The database is set to use Windows Authentication, and I'd prefer to keep it that
way if at all possible.
However if the only way is to create a SQL login/user/role, could someone run me
through how to do that as I'm unfamiliar with creating users/roles?
Any help greatly appreciated.
-
Can you describe what the service is and why you don't want to use a functional account to access the database?
Any service that requires access to SL Server should be configured with a functional domain account and have permissions granted as necessary - I see no reason to use the NetworkService account. The NetworkService account is a local account, if you use it to access a netowkr resource it tries to login with the local machines account...long story short - in short; don't use it.
-
Thanks for your reply.
The service will only need to access a database that's installed on the local machine.
The service is the server-end of a multi-client networked
application, and we're using the database to store auditing information created by the various client interactions with the server.
So the service needs to be accessible over the network by client applications, and I didn't want the complication of having to set up the service with a specific domain account, hence the use of the NetworkService account.
I see your point about not using a local account if you're accessing a remote database, but in this particular application I'm not doing that.
-
Try it with a new local account - it should not be more than fifteen minutes work. Create the account, add appropriate user rights for a service (log in as a service), grant the account login to SQL, add the login to whatever SQL role you've already got.
Configure your service with the new account and test.
-
Sorry, I'm not sure I fully understand what you're suggesting:
>Create the account
Do you mean create a windows account? That would mean I would have to get the installer to do that when the user installs the service, and I'm not sure how easy that will be to do reliably.
>add appropriate user rights for a service (log in as a service)
Do you mean user rights for Windows, or granting access to SQL?
>grant the account login to SQL
>add the login to whatever SQL role you've already got.
Those last two make sense.
-
Well users shouldn't be installing anything in a well managed environment, but this is a seperate issue, let's see if we can get it working by manually setting this up, then sort out automating it.
Create a windows account - yes
User Rights - yes, I mean user rights.
Viewing 6 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply