?
Solved

What user is used by SQL server when connecting to remote file

Posted on 2014-02-12
7
Medium Priority
?
398 Views
Last Modified: 2014-02-12
I'm running this SQL code
CREATE ASSEMBLY dlls
/*FROM '\\192.168.50.17\SQL-dll\SQL-dll.dll'*/
FROM 'c:\temp\SQL-dll.dll'
GO

Open in new window

This code is run on 192.168.50.17, in SSMS remotely connected to the SQL server. It expects the dll file to be at c:\temp at the SQL server (WinWebServer2008), and it works.
However, I would like to connect to the file that is located on 192.168.50.17 (developer machine), but this does not work. Probably because there's not sufficient user rights from SQL Server to access the file system on 192.168.50.17.
Which user is SQL server using here? It is not the same user as I am connecting the SQL session with, because that user has access to the shared folder on 192.168.50.17.
Alternatively, how can I figure out which user is trying to connect to the shared folder on 192.168.50.17 (Win7)
0
Comment
Question by:lefodnes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 20

Expert Comment

by:strivoli
ID: 39853051
The account usually involved is the (local)SYSTEM or the account invoked to start SQL's service.
In order to be sure which account is used and is access denied to the computer and/or share, set the auditing on the share/folder and have a look at the Windows Security Logs.
0
 

Author Comment

by:lefodnes
ID: 39853212
Thanks strivoli. You helped me a little on the way.

I configured auditing for all users, and I watched it while running the same query from either dev machine or the server.

When running from the server SSMS, it connects from the SQL server as my user name (I'm logged in on it), and then it works (using the \\192.168.50.17\SQL-dll\SQL-dll.dll file path).

When running from the dev machine, it connects from the SQL server as "NT-AUTHORITY\Anonymous". Even if I grant Anonymous rights to the folder on the DEV machine, it cannot read the file. Why is it different? Isn't the same SQL processed, no matter where SSMS is connected from?

Is the anonymous on my dev machine not the same as anonymous on the SQL server machine?
0
 
LVL 20

Expert Comment

by:strivoli
ID: 39853285
I'll send you an official MS link that shows you how to allow anonymous access to a folder. Shortly:
a. Need to allow anonymous at the File System level,
b. Need to allow anonymous at the share level,
c. Need to allow the share to be accessed anonymously.
Will be more precise when I'll send you the full link (don't have it handy and can't find it on the net right now).

Anyway, I don't remember I had to set anonymous access when I faced same problem.

Are the 2 servers members of the same domain?
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 
LVL 20

Expert Comment

by:strivoli
ID: 39853301
I didn't respond to your questions: anonymous is the same independently from the computer it tries to access from. Your anonymous rights aren't enough. This is why I'll send you full details.
0
 

Author Comment

by:lefodnes
ID: 39853447
thanks a lot for your answers. the two different machines are not on the same domain, nor on the same lan.
looking forward to see your link about this issue.thanks again.
0
 
LVL 20

Accepted Solution

by:
strivoli earned 2000 total points
ID: 39853606
Creating an anonymous share in Windows Server 2008R2 is the link I was talking about. I remembered it was an official MS link but it isn't. I've used the instructions on the link to create an anonymous access to a folder on one of my servers.
Consider carefully the security implications of creating anonymous shares.
0
 

Author Closing Comment

by:lefodnes
ID: 39853708
Super! That trick did it :)
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
What if you have to shut down the entire Citrix infrastructure for hardware maintenance, software upgrades or "the unknown"? I developed this plan for "the unknown" and hope that it helps you as well. This article explains how to properly shut down …
This Micro Tutorial will go in depth within Systems and Security in Windows 7 and will go into detail regarding Action Center, Windows Firewall, System, etc. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question