January 30, 2009 at 1:56 am
Hi everybody
Our Operations team monitors servers (including our SQL Servers) with MOM 2005. There is a login on each of our SQL Servers (a mix of 2000 and 2005 servers) for a domain account which we'll call OurDomain\MOMService. I'm concerned that this is a member of the sysadmin server role on all the servers, but I can't find anything on Microsoft or any of the blogs that tells me what access it requires to the servers. Does anyone out there know what server role(s) the login should be in, and what access, if any, it requires to the databases?
Thanks in advance
John
January 30, 2009 at 6:18 am
I don't know for sure, but if I remember correctly this acount must be sysadmin or at least very close to that.
The reason if that the MOM agent needs to execute certain system procedures and views which only sysadmins have permissions for. One example is sp_readerrorlog.
Just make sure that the account has a secure password.
[font="Verdana"]Markus Bohse[/font]
January 30, 2009 at 6:26 am
I think these are the rights that is needed. Please dont quote me on it. I could be wrong
On Windows Server 2003, the Action Account must have the following minimum privileges:
Member of the Local Users Group
Member of the Local Performance Monitor Users group
Access to Windows Event logs
Manage auditing and security log privilege (SeSecurityPrivilege)
Generate security audits privilege (SeAuditPrivilege)
Allow log on locally logon right (SeInteractiveLogonRight)
-Roy
February 2, 2009 at 2:48 am
Thanks, guys. I was really only interested in SQL Server permissions, so what Markus says sounds like what I need. Can anyone else confirm or deny it at all?
Cheers
John
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply