February 19, 2005 at 7:17 pm
I recently changed the SQL Server and SQL Server Agent Service Accounts on one of my servers. Everything works fine, except for a few stored procedures that execute the xp_cmdshell command. The procedures worked fine prior to changing the accounts. The accounts executing the stored procedures are not System Administrator accounts.
Since the account I was changing was also the Proxy Account in the SQL Server Agent Properties window, I thought I would just have to change the proxy account. When I tried to change the account I got the following error: Unable to set the SQL Agent proxy account because of the reason listed below. 'Error executing extended stored procedure: Specified user can not login'.
The Proxy Account I am using is 1) a domain account, 2) an Administrator on the server, 3) a SQL Server System Administrator and 4) the same account I use to start SQL Server and SQL Server Agent.
SQL Server Version : 8.00.818
OS Version : Microsoft Windows 2000 5.00.2195
Any ideas as to what the error is trying to tell me?
February 20, 2005 at 12:19 pm
I may have found the answer to my problem. I still needed to add user rights to the account I was using to start up the services.
The user rights I added are :
Act as part of the Operation System
Increase Quotas
Log on as a service
Replace a process level token
Are there any other user rights I should give the service account?
February 21, 2005 at 3:12 am
That should be all you need - good problem solving of your own problem. I usually make it easy and allow the service account more access by putting in the admin group - but this can cause more problems. For security purposes the minimum privilege concept still holds true.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply