ontheborder
asked on
SQL 2012 NT_Authority|System, sysadmin is not checked by default
I have an application from a 3rd party that requires a different setting on my SQL 2012. I'm not real familiar with MS SQL, but can follow instructions through the Microsoft SQL Server Management Studio and I have a couple of databases already setup and working. The vendor for the application is stating the following (see below), but I'm not real sure what needs to be done. Can someone give me the steps necessary to get this configured correctly?
Here is what they are telling me:
The service runs under the Local System (NT AUTHORITY\System) account. In SQL 2012 this Local System (NT AUTHORITY\SYSTEM) account is not automatically provisioned in the sysadmin fixed server role.
Here is what they are telling me:
The service runs under the Local System (NT AUTHORITY\System) account. In SQL 2012 this Local System (NT AUTHORITY\SYSTEM) account is not automatically provisioned in the sysadmin fixed server role.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The 3rd party is a trusted vendor and we have security agreements with them, so it should be okay to allow this type of access.
BriCrowe - I believe you're on track. When I check the Database > XXXX > Security I don't see "NT AUTHORITY\SYSTEM" as an option. I opened both the Users folder and the Roles folder, and don't see it listed as an option.
BriCrowe - I believe you're on track. When I check the Database > XXXX > Security I don't see "NT AUTHORITY\SYSTEM" as an option. I opened both the Users folder and the Roles folder, and don't see it listed as an option.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks, BriCrowe. From what I can tell the NT AUTHORITY\SYSTEM account isn't installed automatically on MS SQL 2012. I'll give your suggestion a try later today and see if that works.
ASKER
After executing
CREATE LOGIN [NT AUTHORITY\SYSTEM] FROM WINDOWS;
I received the following message.
The server principal 'NT AUTHORITY\SYSTEM' already exists.
CREATE LOGIN [NT AUTHORITY\SYSTEM] FROM WINDOWS;
I received the following message.
The server principal 'NT AUTHORITY\SYSTEM' already exists.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
granting SA is giving the keys to the kingdom for the database server in question.
If the vendor has another option I would go with it.
If the vendor has another option I would go with it.
ASKER
Thanks. All answers were helpful. Moving to a less risky "Plan B".
Ask them if the service can run under another application account (eg: 3rdPartyService), and if DBO is sufficient for their purposes on their database(s).