December 30, 2004 at 12:14 pm
We are going to be installing SS 2000 on our first Windows 2003 server. Our server engineers were setting up the rights for my ID and say that 'Increase Quotas' does not exist in Windows 2003.... any ideas.. These are the rights that I have been told the ID that runs SQL Server needs... Am I correct ?
Act as Part of the Operating System = SeTcbPrivilege
Bypass Traverse Checking = SeChangeNotify
Increase Quotas = SeIncreaseQuotaPrivilege
Lock Pages In Memory = SeLockMemory
Log on as a Batch Job = SeBatchLogonRight
Log on as a Service = SeServiceLogonRight
Replace a Process Level Token = SeAssignPrimaryTokenPrivilege
December 30, 2004 at 1:00 pm
Increase Quotas is not necessary.
Also, that article doesn't say it, but I believe Lock pages in memory is only necessary when using AWE memory.
K. Brian Kelley
@kbriankelley
December 30, 2004 at 6:52 pm
Hi Marcus,
It looks like you are going to use non-administrative login for SQL Server if you need to set up rights explicitly. A login that is a member of Administrators do not need any of that and Log On As A Service right is automatically granted during the installation. I have SQL 2000 running on two 2003 servers, never had to do anything specific. Just keep in mind, if you do use non-administrative login or some system engineers take rights and permissions from administrative login, then also make sure you have required NTFS permissions.
Yelena
Regards,Yelena Varsha
December 31, 2004 at 6:56 am
Just as a general rule in the security mindset, if you don't need SQL Server to have administrative rights on the system you should try to run with a less-privileged account.
K. Brian Kelley
@kbriankelley
December 31, 2004 at 10:19 am
Over the years the ID I use for installing and administering SQL Server has gotten way to many rights... and we have so many SQL Servers now... In talking with our Sec. Admin folks we decided to create a new Test ID and new Prod ID for SQL Server when it is installed on Win2003. That way we will start fresh and as we migrate existing win2000 to win2003 we can convert over. Some of our existing apps. have so many hooks into them I am afraid to switch them all now.
Thanks for all of your input gang !
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply