Wednesday, March 21, 2012

DIFFICULT PROBLEM! SSL for SQL 2000 Server. MS Fix bulletin does not help at all.

Hi,
I have set up an Active Directory, Certificate Services on Windows 2003
Server. I am running SQL 2000 Server. AD and Certificate Services were
installed correctly.
My goal is to be able to use SSL when connecting to SQL Server via Query
Analyzer. I also want to keep the SQL Server installation under a "Domain
User" account with as few privileges as possible.
My problem is that SQL Server will not start when "Domain User" is only a
"member of" "Users" group. It starts when I make "Domain User" a "member of"
"Administrators". It seems that the SSL "forced encryption" will only work
with "Administrator" privileges which is the total access to control the
server, and this is not safe.
Does it mean that SSL "forced encryption" will only work under a "Domain
User" that is a "member" of "Administrators"? Is there another "Group" with
limited privileges that I could assign the "Domain User" to?
How else could I have the SSL work and SQL server installation in a "Domain
User" account?
I have tried so many different things. Wasted one week already. Nothing
works. There was some MS bug bulletin saying that this problem was fixed
with SQL 2000 service pack 2. I have service pack 3a installed. It still
does not work. The log shows the same errors as on the MS fix bulletin that
was supposed to be fixed by that service pack. I've tried with Windows 2003
Srv, Win 2000 Srv. SQL Standard, Enterprise. I just can't get it to run. Can
you offer some more specific clues? It is so depressing and disappointing.
Here is the MS bulletin that I mentioned:
http://support.microsoft.com/default.aspx?scid=kb;en-us;314636
Thank you for your help.

My first thought is with access rights for the domain
user. I am not an expert in this but I believe that there
is an access right to start a service, which you will have
to let your domain user have.
Peter
"History will be kind to me for I intend to write it."
Winston Churchill

Hi Jason,
I had this in one of the articles; it may be useful to you...
The Domain User Account is much like the Local User Account in that an
administrator defines what permissions it has to the machine for SQL Server.
It doesn't have to be part of the local Administrator group, just like the
Local User Account. Both require the following permissions:
· Ability to log on as a service
· Ability to access and change the MSSQL directory
· Ability to access and change applicable .mdf, .ndf, and .ldf files
· Ability to read and write to certain registry keys (see Books Online for
the list)
Microsoft recommends a Domain User Account that is part of the local
Administrators group.
HTH
GYK
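One way to audit the first three permissions in GYK's list for a service account, as an added example that is not part of the original thread. The account name and directory paths are placeholders, and the registry keys are left out because the thread does not list them.

```powershell
# Added example: audit a SQL Server service account against the permission list above.
# Run from an elevated prompt (secedit requires it). Values below are placeholders.
param(
    [string]  $Account = 'EXAMPLE\svc-sql',               # hypothetical domain user
    [string[]]$Paths   = @('D:\MSSQL', 'D:\MSSQL\Data')   # placeholder MSSQL/data directories
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$nt      = New-Object System.Security.Principal.NTAccount($Account)
$sid     = $nt.Translate($sidType)

# 1. "Log on as a service" is SeServiceLogonRight in the local security policy.
#    Only a direct grant to the account is detected, not one held through a group.
$inf = Join-Path $env:TEMP ("rights-{0}.inf" -f [guid]::NewGuid())
secedit /export /cfg $inf /areas USER_RIGHTS /quiet
$entry = Select-String -LiteralPath $inf -Pattern '^SeServiceLogonRight\s*=\s*(.*)$' |
         Select-Object -First 1
Remove-Item -LiteralPath $inf -ErrorAction SilentlyContinue
$holders = @()
if ($entry) {
    # Entries are comma-separated; SIDs are written with a leading '*'.
    $holders = $entry.Matches[0].Groups[1].Value -split ',' |
               ForEach-Object { $_.Trim().TrimStart('*') }
}
$hasLogonRight = ($holders -contains $sid.Value) -or ($holders -contains $Account)

# 2. Modify access on the MSSQL directory and the .mdf/.ndf/.ldf locations.
#    Only ACEs naming the account itself are counted; group grants are not resolved.
$modify      = [int][System.Security.AccessControl.FileSystemRights]::Modify
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$report = foreach ($p in $Paths) {
    $rules = (Get-Acl -LiteralPath $p).GetAccessRules($true, $true, $sidType)
    $allow = 0; $deny = 0
    foreach ($r in $rules) {
        if ($r.IdentityReference.Value -ne $sid.Value) { continue }
        if ($r.PropagationFlags -band $inheritOnly)    { continue }  # applies to children only
        if ($r.AccessControlType -eq 'Allow') { $allow = $allow -bor [int]$r.FileSystemRights }
        else                                  { $deny  = $deny  -bor [int]$r.FileSystemRights }
    }
    [pscustomobject]@{
        Path      = $p
        CanModify = (($allow -band (-bnot $deny)) -band $modify) -eq $modify
    }
}

"{0}: log on as a service = {1}" -f $Account, $hasLogonRight
$report | Format-Table -AutoSize
```

A `False` in either check points at a right the account would otherwise only get through Administrators membership.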
