SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


SQLServer2005MSSQLUser$ComputerName$MSSQLSERVER


SQLServer2005MSSQLUser$ComputerName$MSSQLSERVER

Author
Message
Nsh
Nsh
SSChasing Mays
SSChasing Mays (642 reputation)SSChasing Mays (642 reputation)SSChasing Mays (642 reputation)SSChasing Mays (642 reputation)SSChasing Mays (642 reputation)SSChasing Mays (642 reputation)SSChasing Mays (642 reputation)SSChasing Mays (642 reputation)

Group: General Forum Members
Points: 642 Visits: 405

Hi,

In the MSSQL folder (windows explorer), under the security tab I see this group or username: SQLServer2005MSSQLUser$ComputerName$MSSQLSERVER

Why is this there and what will happen if this is deleted when using xcacls.vbs for folder/file permissions.

Thanx.


EdVassie
EdVassie
SSCertifiable
SSCertifiable (6K reputation)SSCertifiable (6K reputation)SSCertifiable (6K reputation)SSCertifiable (6K reputation)SSCertifiable (6K reputation)SSCertifiable (6K reputation)SSCertifiable (6K reputation)SSCertifiable (6K reputation)

Group: General Forum Members
Points: 6040 Visits: 3866

SQL 2005 creates a number of local groups during the install process. BOL has the full details of this. They hold the service accounts used to run the various SQL services.

I have looked at deleting these groups but have decided against it. If you look in the SQL portion of the registry, you will references to the SIDs of some groups, the names of others, and prefixes for the rest.

There is no Microsoft or newsgroup documentation on what impact there will be on SQL if the groups are deleted. If anything does break, Microsoft may well ask you to reproduce the problem using a standard environment (with the groups) before they can properly support you. We have a regulatory requirement to use vendor-supported software, so for us the groups have to stay.



Original author: SQL Server FineBuild 1-click install and best practice configuration of SQL Server 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005. 14 Mar 2017: now over 40,000 downloads.Disclaimer: All information provided is a personal opinion that may not match reality.Quote: When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist. - Archbishop Hélder Câmara
Stanislav Grozev
Stanislav Grozev
Grasshopper
Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)

Group: General Forum Members
Points: 22 Visits: 1
I also see these groups. I would like to replace them with domain groups (instead of local) is this possible and if yes - how?
Thanks.

PS. what is "BOL"?
K. Brian Kelley
K. Brian Kelley
Keeper of the Duck
Keeper of the Duck (10K reputation)

Group: Moderators
Points: 10812 Visits: 1917

BOL = Books Online.

As to whether or not you can replace them? No. You should not. If you want to use domain groups, leave the local groups in place and grant similar rights to your domain groups.



K. Brian Kelley
@‌kbriankelley
Stanislav Grozev
Stanislav Grozev
Grasshopper
Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)

Group: General Forum Members
Points: 22 Visits: 1
Hello Brian, thanks for the answer.

The trouble is as follows - I have a NAS storage which is a part of an Active Directory forest.
When I try to create data files with SQL 2005 (SQL 2000 works fine) - I get permission denied even if I grant Full Control to Everyone. After resorting to a network sniffer, I found out that when SQL2005 tries to create the files, it tries to give permissions to the local group (the SQLServer2005MSSQLUser$ComputerName$MSSQLSERVER one) and because its SID is unknown to the ActiveDirectory, our NAS rejects it - that's why I want to use domain groups instead of local ones. Does anybody have any suggestions?

EDIT: I should mention that I am using a domain user.
K. Brian Kelley
K. Brian Kelley
Keeper of the Duck
Keeper of the Duck (10K reputation)

Group: Moderators
Points: 10812 Visits: 1917

Unfortunately, I don't think you can change the way SQL Server 2005 sets up itself. Typically, though, SQL Server is setup where the drives appear locally to the server where SQL Server is running. Do you not have an option of doing that?



K. Brian Kelley
@‌kbriankelley
Stanislav Grozev
Stanislav Grozev
Grasshopper
Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)

Group: General Forum Members
Points: 22 Visits: 1
Nope, I have to use the NAS. If I set the NAS to ignore security - everything works fine, but that's a major hole, so it is not an option. And I find it very annoying that SQL2000 used to work fine with this setup and 2005 doesn't.
K. Brian Kelley
K. Brian Kelley
Keeper of the Duck
Keeper of the Duck (10K reputation)

Group: Moderators
Points: 10812 Visits: 1917

You may have to end up contacting Microsoft Support. I believe it'll continue to be a problem, especially since I think it resets the permissions on the database files when they get created to use those local groups.



K. Brian Kelley
@‌kbriankelley
Stanislav Grozev
Stanislav Grozev
Grasshopper
Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)Grasshopper (22 reputation)

Group: General Forum Members
Points: 22 Visits: 1
Already did that, I was just hoping for quicker turnaround, because everyone's (including MS) support structure is glacial with regards to speed...

EDIT: Creating the files locally and the detaching, moving, and reattaching the DB with the new location works, but it is just a workaround.
EdVassie
EdVassie
SSCertifiable
SSCertifiable (6K reputation)SSCertifiable (6K reputation)SSCertifiable (6K reputation)SSCertifiable (6K reputation)SSCertifiable (6K reputation)SSCertifiable (6K reputation)SSCertifiable (6K reputation)SSCertifiable (6K reputation)

Group: General Forum Members
Points: 6040 Visits: 3866

I registered a request with Microsoft that it should be possible during the install to specify the groups that SQL Server uses. The response was 'This will be considered for a future release'. I think the workaround you posted of moving the database files post-install is the best you will get in a NAS environment.

If you get a fix for SQL 2005, please let the community know.



Original author: SQL Server FineBuild 1-click install and best practice configuration of SQL Server 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005. 14 Mar 2017: now over 40,000 downloads.Disclaimer: All information provided is a personal opinion that may not match reality.Quote: When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist. - Archbishop Hélder Câmara
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search