August 16, 2006 at 8:02 am
In our prod environment I have the following setting checked for SQL Server Agent under job system tab
Only users with SysAdmin privileges can execute CmdExe and ActiveScripting job steps
And for obvious reasons job scheduled by non SA users fail. I have found following fix in BOL
However I am not sure about what privileges does the user in step 2 require in order to have secure environment?
Thanks
Shahab
August 17, 2006 at 1:21 pm
I think that it a question that only you can answer. What do you want this Windows account to have access to on your SQL Server ? Which drive, directories, and permissions on those drives and directories. Do you want this account to have access to other servers/computers drives and directories ? At a minimum you probably want this account to be a domain user account as opposed to a local machine account. Additionally, you probably want to deny it the right to 'logon interactively'. In closing I also believe that you need to make suer that the SQL Server and SQLAgent services are executing with domain user accounts as well.
RegardsRudy KomacsarSenior Database Administrator"Ave Caesar! - Morituri te salutamus."
Viewing 2 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply