Service Account Configuration for Accessing SQL

RoyATokeshi
February 25, 2009 10:07 am

Service Account Configuration for Accessing SQL

Document ID: CTX120080 / Created On: Feb 11, 2009 / Updated On: Feb 13, 2009
Average Rating:
View products this document applies to

Summary

This article provides a description on how different service accounts should be configured to grant adequate SQL permissions.

Service users are the accounts under which the Stream and Soap services run on a Provisioning server which needs both SQL database permissions and file permissions to access the Virtual Disk. Because these users are communicating with the database, they must be members of the db_datareader and db_datawriter roles and have Execute permissions for the stored procedures. The configuration wizard automatically configures the database in this manner if the Configure the database for the account checkbox is enabled under the Service account page of configuration wizard.

• Service users do not require Domain Administrator privileges, but they must be a domain member to retrieve the list of groups from Active Directory.

• Service users should not be confused by users performing role based administrative tasks through the Provisioning Server console. Console users do not require any SQL credentials but they must be members of the appropriate Active Directory groups configured for the role based administration. Generally speaking, no domain administrative privileges are required. However, there is one exception and that is for the ability to add devices to the domain. In that case, the necessary privileges must be granted to the user running the console.

• SQL permissions are totally separate from Active Directory permissions and must be managed accordingly.

Setting SQL permissions through Configuration Wizard

Network service account

If the Stream and SOAP services are running under the Network Service account, the SQL permissions must be configured on each machine running Provisioning Server, because the Network Service account is built into the local machine by default does not have domain privileges. As was stated previously, enabling Configure the database for this account sets the required SQL permission.

Specified user account

If the Stream and SOAP services are configured using a specified user account, then SQL permissions must only be configured once for each user and the first time running the configuration wizard to initialize the database.

Local system account

The local system account is for workgroup environments that require SAN access and where SQL Server is installed locally on the Provisioning Server.

This account has local administrative privileges and therefore uses the administrator account created when SQL Server is installed.

This document applies to:

Provisioning Server 5.0
Exit Print View



Primary links

Custom Search

User login

Who's new

  • Rullydery
  • eagenorce
  • rittaarier
  • swasseZex
  • gaterfoko

Who's online

There are currently 0 users and 4 guests online.

KrissysCorner.com RuthSwensonLaw.com CreativeLizardProductions.com

DISCLAIMER:

None of this has anything to do with us, someone else is responsible for the entire thing, and we have no idea who or why. We do not know anything about it. It may be alien life forms for all we know: we haven't a clue. You cannot blame us for anything that may result from your visit. That was entirely your own personal choice, made by you of your own volition, and without our knowledge. We do not, after all, have any control over you and cannot by any stretch of the imagination be expected to accept or acknowledge, be it legally or morally, any accountability for decisions made by you on an independent basis, utilizing your own free will, and without our intervention. We are therefore in no way, shape, or form answerable to anyone for any consequences arising from the aforementioned or indeed any other actions, similar or otherwise, because it was not us that did, or did not do anything. It is not even remotely our fault, and we are in no way prepared or willing to accept any liability, not even slightly, ever. We are, in fact completely and utterly blameless, in that it is definitely not our concern, and no blame can possibly be laid at our doorstep, even if we had one, the possession of which we hereby reserve as being entirely our own free choice. The onus is not on us at all, and furthermore, never has been. The entire matter is wholly beyond our control, and completely out of our hands, each of which are washed scrupulously clean of the whole business. We are not accountable for anything at all, and we hereby categorically deny all responsibility for all that has ever, or will ever happen. Our innocence is therefore wholly beyond doubt and absolutely unimpeachable, and so cannot, under even the remotest or unlikeliest circumstances, be brought into question. By clicking either on a link on this site, clicking on a link that leads to this site, or by arriving at this site by natural or supernatural means, you are in effect accepting responsibility for the fact that it is all entirely your own fault, down to the most miniscule detail, and that you are wholly accountable for whatever outcome may arise as a consequence of the aforementioned action or actions insofar as they were undertaken personally by you on an entirely voluntary basis and without any persuasion, coercion or influence from any party or parties other than yourself. Don't come sniveling to us, we are only figments of your imagination. I also agree that if I am ever with a contributor to this website during mealtimes I agree to pay for any super-sizing of their meal, or at least a nice dessert or one of those foo-foo drinks with an umbrella or a monkey. By admitting to have seen the worthless spineless drivel on this website (also known as content)

I Agree Wholeheartedly and Without Reservation to the above. (Except maybe for that part about the monkey.)

All Your Base Are Belong To Us.

Soylent Green Is People!

Never make a bet with a Sicilian when Death is on the Line!

No. Really, I do agree.