March 20, 2015 at 2:07 am
We've been recording logins across a few hundred servers for the past few months and have yet to see a single login through this account.
BOL only says:
Windows Management Instrumentation (WMI) must be able to connect to the Database Engine. To support this, the per-service SID of the Windows WMI provider (NT SERVICE\winmgmt) is provisioned in the Database Engine.
SQL Server setup creates a SQL WMI namespace and grants read permission to the SQL Server Agent service-SID.
It's a sysadmin account by default though this can be trimmed back according to the permissions on the BOL page. This can be semi-important because someone has already demonstrated how a Local Admin can subvert it to get SQL access (but there are plenty of other ways too, of course!)
But all of this aside I'd like to know how to trigger whatever it is that uses it, seeing as nothing I've seen has touched it yet.
March 20, 2015 at 8:50 am
well i know we have some monitoring apps on the network that use WMI calls;
if i use a powershell query that uses WMI, do you think it might use that account under the covers? or only when it also touches SQL data/information/settings?
there's a nice post here that i've adapted and enhanced that explicitly uses wmi calls:
http://www.sqlservercentral.com/Forums/Topic1240480-1351-1.aspx
i'd be tempted to disable that account you mentioned, and see if the script runs without errors both before and after.
Lowell
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply