Showing posts with label guest. Show all posts

Friday, March 30, 2012

remove guest user in msdb

According to what I have found in various documents, I removed the user 'guest' from the msdb database. But now the SQL_Server_Agent doesn't start.
I run this service from a normal user NT account. In the error log of SQL_Server_agent I found these items:
1) [000] Unable to connect to server '(local)'; SQLServerAgent cannot start
2) [298] SQLServer Error: 4060, Impossibile aprire il database richiesto nell'account di accesso 'msdb'. L'accesso avrà esito negativo. [SQLSTATE 42000]
The only solution I have found is to add the NT account to the sysadmin role, but I don't want to do this!
Can anyone help me?
I run SQL 2K SP3 on WIN2K Server SP4
Thanks

The login that SQL Agent uses MUST be a SQL Server Admin account or the
agent will not start.
So first do that.
Then if it still does not start, add the login as a valid user to the MSDB
database, then see.
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and its
community of SQL Server professionals.
www.sqlpass.org
"Roberto Pasqualini" <Roberto Pasqualini@.discussions.microsoft.com> wrote in
message news:7206619A-0EB0-480C-84C0-9E99C2BF4751@.microsoft.com...
> According to what I have found in various documents, I removed the user
> 'guest' from the msdb database. But now the SQL_Server_Agent doesn't start.
> I run this service from a normal user NT account. In the error log of
> SQL_Server_agent I found these items:
> 1) [000] Unable to connect to server '(local)'; SQLServerAgent cannot start
> 2) [298] SQLServer Error: 4060, Impossibile aprire il database richiesto
> nell'account di accesso 'msdb'. L'accesso avrà esito negativo. [SQLSTATE 42000]
> The only solution I have found is to add the NT account to the sysadmin
> role, but I don't want to do this!
> Can anyone help me?
> I run SQL 2K SP3 on WIN2K Server SP4
> Thanks
|||Many thanks for your prompt response.
I haven't understood this.
So I have another question: in your opinion, which is the best security choice?
1) Start the SQL_SERVER_AGENT with an NT administrator account that has the sysadmin role
2) Assign the sysadmin role to a normal NT user account and use this to start the SQL_SERVER_AGENT.
The Microsoft security baseline analyzer suggests having no more than 2 sysadmin users.
Thanks
"Wayne Snyder" wrote:

> The login that SQL Agent uses MUST be a SQL Server Admin account or the
> agent will not start.
> So first do that.
> Then if it still does not start, add the login as a valid user to the MSDB
> database, then see.
> --
> Wayne Snyder, MCDBA, SQL Server MVP
> Mariner, Charlotte, NC
> www.mariner-usa.com
> (Please respond only to the newsgroups.)
> I support the Professional Association of SQL Server (PASS) and its
> community of SQL Server professionals.
> www.sqlpass.org


Monday, March 26, 2012

Remove "guest" account in SQL Server 2000

Is there any reason not to drop the "guest" account in a user database?
Thanks!

Hi
If you want anyone who has LOGIN access to the server to access your db
as well, then do not remove it.
Why not have a specific User account for every Login within the
database(s) that they need access to?
"BATMAN" <BATMAN@.discussions.microsoft.com> wrote in message
news:E3985296-2D19-47C8-8051-37B664065AD6@.microsoft.com...
> Is there any reason not to drop the "guest" account in a user database?
> Thanks!
|||The guest user is required in master and tempdb. Guest is disabled in other
databases by default. You can disable guest with sp_dropuser and enable
with sp_adduser.
Hope this helps.
Dan Guzman
SQL Server MVP
"BATMAN" <BATMAN@.discussions.microsoft.com> wrote in message
news:E3985296-2D19-47C8-8051-37B664065AD6@.microsoft.com...
> Is there any reason not to drop the "guest" account in a user database?
> Thanks!
|||Dan
> databases by default. You can disable guest with sp_dropuser and enable
> with sp_adduser.
Can you elaborate a little bit about disabling 'guest' user? If I create a
new database the 'guest' is there.
"Dan Guzman" <guzmanda@.nospam-online.sbcglobal.net> wrote in message
news:OprfYbV2HHA.5380@.TK2MSFTNGP04.phx.gbl...
> The guest user is required in master and tempdb. Guest is disabled in
> other databases by default. You can disable guest with sp_dropuser and
> enable with sp_adduser.
> --
> Hope this helps.
> Dan Guzman
> SQL Server MVP
> "BATMAN" <BATMAN@.discussions.microsoft.com> wrote in message
> news:E3985296-2D19-47C8-8051-37B664065AD6@.microsoft.com...
>
|||> Can you elaborate a little bit about disabling 'guest' user? If I create a
> new database the 'guest' is there.
The guest user exists in all databases but is disabled by default in all
user databases. It can simply be ignored unless it needs to be enabled for
special reasons.
Note that dropping the guest user does not physically drop the user from the
database but only disables it. Only users who are explicitly granted
database access can access a user database when guest is disabled.
Similarly, adding the guest user enables it. Any login can access a
database with an enabled guest user. If the login was not explicitly
granted access, the guest user security context is used (which normally has
minimal public permissions).
Hope this helps.
Dan Guzman
SQL Server MVP
"Uri Dimant" <urid@.iscar.co.il> wrote in message
news:OhtIOSY2HHA.4880@.TK2MSFTNGP03.phx.gbl...
> Dan
> Can you elaborate a little bit about disabling 'guest' user? If I create a
> new database the 'guest' is there.
>
> "Dan Guzman" <guzmanda@.nospam-online.sbcglobal.net> wrote in message
> news:OprfYbV2HHA.5380@.TK2MSFTNGP04.phx.gbl...
>
|||Thanks Dan for clarification.
"Dan Guzman" <guzmanda@.nospam-online.sbcglobal.net> wrote in message
news:%23jiS2ab2HHA.3640@.TK2MSFTNGP06.phx.gbl...
> The guest user exists in all databases but is disabled by default in all
> user databases. It can simply be ignored unless it needs to be enabled
> for special reasons.
> Note that dropping the guest user does not physically drop the user from
> the database but only disables it. Only users who are explicitly granted
> database access can access a user database when guest is disabled.
> Similarly, adding the guest user enables it. Any login can access a
> database with an enabled guest user. If the login was not explicitly
> granted access, the guest user security context is used (which normally
> has minimal public permissions).
> --
> Hope this helps.
> Dan Guzman
> SQL Server MVP
> "Uri Dimant" <urid@.iscar.co.il> wrote in message
> news:OhtIOSY2HHA.4880@.TK2MSFTNGP03.phx.gbl...
>
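
The following T-SQL is an added example, not part of the original threads. It reports the guest state in every database and then lets you check Dan Guzman's point that sp_dropuser disables guest rather than deleting it. It assumes SQL Server 2000 system tables (sysdatabases, sysusers.hasdbaccess) and a hypothetical user database named SalesDemo.

```sql
-- Added example, not from the thread. Written for SQL Server 2000 system tables.
-- SalesDemo is a hypothetical user database name.

-- 1) Report the guest state in every online database.
--    sysusers.hasdbaccess: 1 = guest enabled, 0 = guest disabled.
CREATE TABLE #guest_status (dbname sysname NOT NULL, hasdbaccess int NOT NULL)

DECLARE @db sysname, @sql nvarchar(1000)
DECLARE db_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM master.dbo.sysdatabases
    WHERE DATABASEPROPERTYEX(name, 'Status') = 'ONLINE'
OPEN db_cur
FETCH NEXT FROM db_cur INTO @db
WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME guards against odd characters in database names.
    SET @sql = N'INSERT #guest_status (dbname, hasdbaccess) SELECT '
             + QUOTENAME(@db, '''') + N', hasdbaccess FROM '
             + QUOTENAME(@db) + N'.dbo.sysusers WHERE name = ''guest'''
    EXEC (@sql)
    FETCH NEXT FROM db_cur INTO @db
END
CLOSE db_cur
DEALLOCATE db_cur

SELECT dbname,
       CASE hasdbaccess WHEN 1 THEN 'enabled' ELSE 'disabled' END AS guest_state,
       CASE
           WHEN dbname IN ('master', 'tempdb') THEN 'leave enabled (required, per the thread)'
           WHEN dbname = 'msdb' THEN 'test SQL Server Agent startup before and after any change'
           WHEN hasdbaccess = 1 THEN 'review: any login can enter as guest'
           ELSE 'no action'
       END AS note
FROM #guest_status
ORDER BY dbname

DROP TABLE #guest_status
GO

-- 2) Disable guest in one user database, then look at its sysusers row.
USE SalesDemo
GO
EXEC sp_dropuser 'guest'
-- Check whether the guest row is still present and what hasdbaccess shows.
SELECT name, hasdbaccess FROM sysusers WHERE name = 'guest'
GO
```

Run the report before changing msdb: in the first thread, removing guest there stopped SQL Server Agent from starting under a login that was not a sysadmin.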