Quantcast
Channel: Forum SQL Server Setup & Upgrade
Viewing all articles
Browse latest Browse all 7707

Minimum security privileges required for CMDExec Proxy account to work

$
0
0

I am trying to get a CMDEXEC Proxy account working on Server 2008 R2 / SQL Server 2008 R2, and because I am working on a tightly locked down network / domain, I need to set the minimum level of rights possible.

Right now when I try to use a proxy with the SQL Agent running with a Domain service account, the attempt fails.  If I set the Agent service account to Local Network, the proxy works fine.

What has now confused me is, in comparing the new server to an existing system (Server 2003 / SQL 2005,) neither of them give the Agent account the "Replace a process level token" privilege, yet the 03/05 system works.  I have found that if I give the Agent account the "Replace a process..." privilege, the proxy account then works.  I'd like to confirm that this is required, so I can go to the network security people to have the service account granted the required privileges.

I found this MSDN article which lists what privileges the install process grants the various SQL services.

I was also linked to this CodePlex article on creating the proxy accounts.

Thanks all,

Jason A.


Jason A.


Viewing all articles
Browse latest Browse all 7707


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>