Solved

sa = NT AUTHORITY\SYSTEM

Posted on 2010-09-10
10
900 Views
Last Modified: 2012-05-10
when you assign sa as the job owner, it turns it into NT AUTHORITY\SYSTEM; why is this and the significance of it?

thanks
0
Comment
Question by:anushahanna
  • 4
  • 2
  • 2
  • +1
10 Comments
 
LVL 1

Accepted Solution

by:
chadcku earned 125 total points
ID: 33649719
I beleive it is the account that the local SQL service is running under. That is the local computer account.
0
 
LVL 20

Assisted Solution

by:alainbryden
alainbryden earned 125 total points
ID: 33649721
SA is the Service Account and requires full permissions. If your SQL Server Service and SQL Agent Service are running on the NT Authority\System account then that will be the Service Account owner.

--
Alain
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33649964
Alain,
>>If your SQL Server Service and SQL Agent Service are running on the NT Authority\System account

what are the other accounts on which SQL Server could be running? how can you find out which one is the current installation using?
0
 
LVL 1

Expert Comment

by:chadcku
ID: 33650009
You can look in your services control panel. In the right most column it will tell you who the user is that the service is running under. You can use any account, we use domain accounts for our SQL server services.
0
 
LVL 20

Expert Comment

by:alainbryden
ID: 33653861
Yeah if you go Run (window+R) Services.msc, you'll pull up your computer's services. You can see the 'Log on As' column as the service owner. You can change this by editing the service entry. Local System, Local Service, Network Service, as well as specific user accounts, are all valid.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 6

Author Comment

by:anushahanna
ID: 33661663
the SQL service account is "Local System Account"

how does this get converted into NT AUTHORITY\SYSTEM?
0
 
LVL 4

Assisted Solution

by:pbarry1
pbarry1 earned 250 total points
ID: 33688049
Hi!

NT AUTHORITY\SYSTEM = "Local System Account".  It's just another way of writing it.  SQL Server, Scheduled Tasks, etc. recognize "NT AUTHORITY\SYSTEM" as being what is called the "Local System Account" in the Windows environment.  

To make a long story short, when you create a job in SQL Agent and you put "sa" as the owner, the ownership is given to "NT AUTHORITY\SYSTEM" if your SQL Server doesn't support the "SQL Server Authentication Mode".   What it means depends on what the job does:  if it runs a "Operating Command (CmdExec)", it will run it with the highest privileges on the server (not a good idea from a security standpoint).  It won't have access to network ressources (shares, network path, etc) unless you grant access to the account "Domain Name\ServerName$" where "Domain name" is your domain and "ServerName" is the name of your server where SQL Agent is running (don't forget the "$" sign at the end).  If you're running a Transact-SQL (T-SQL) command, it will usually run, again, with the highest privileges ("sysadmin").  Again, not a good thing from a security standpoint unless you need to do "sysadmin" stuff.

Hope this helps.
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33762835
Thanks for the helpful explanation, Barry.

you said "when you create a job in SQL Agent and you put "sa" as the owner, the ownership is given to "NT AUTHORITY\SYSTEM" if your SQL Server doesn't support the "SQL Server Authentication Mode"."

what if SQL Server Authentication Mode is allowed? how will things change in the above equation you explained?
0
 
LVL 4

Assisted Solution

by:pbarry1
pbarry1 earned 250 total points
ID: 33766580
If SQL Sever Authentication is allowed, putting "sa" as the owner of a SQL Agent job will mean that any Transact-SQL (T-SQL) command will run with "sysadmin" privileges (as if you were connected with the "sa" login and were running the SQL command) and the job will retain the "sa" as the owner.  If it's an operating command (CmdExec), it will run under the privileges of the Windows account used to run the SQL Server service and the job will retain the "sa" as the owner.
0
 
LVL 6

Author Comment

by:anushahanna
ID: 33795269
Thanks Barry.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SSRS ReportViewer report timeout 7 101
issue installing SQL SERVER 2012 express on windows 7 9 39
Help writing a query 6 71
SQL Query 34 80
Having an SQL database can be a big investment for a small company. Hardware, setup and of course, the price of software all add up to a big bill that some companies may not be able to absorb.  Luckily, there is a free version SQL Express, but does …
Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…
Viewers will learn how to use the SELECT statement in SQL to return specific rows and columns, with various degrees of sorting and limits in place.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now