June 19, 2019 at 3:29 am
I have about 5 or 6 powershell scripts I use to monitor 300 SQL Servers. I run the scripts as scheduled SQL agent jobs. I just realized I was not successfully auditing some servers because the domain account running the SQL Agent service on my "monitoring" server does NOT have access to ALL servers.
What is the BEST way to handle this?
A. I could use a SQL credential in the script (several disadvantages)
B. I could add a domain "service account" to our DBA windows group and then change the service on my "monitoring" server to run using that account.
C. Any better ideas?
June 19, 2019 at 6:29 pm
I like B, though you can also use a secret and store this for use as a credential in the script. I've had this be flaky, but it is what's recommended.
June 19, 2019 at 7:11 pm
Setup a proxy account using the domain windows account added to your DBA group. Then set the job steps to run using that proxy account.
No need to change the service account of SQL Server or SQL Server Agent...or setup a SQL account across all servers.
Jeffrey Williams
“We are all faced with a series of great opportunities brilliantly disguised as impossible situations.”
― Charles R. Swindoll
How to post questions to get better answers faster
Managing Transaction Logs
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply