I am have some trouble setting up a v16 database service to run under a user account other than "local system account" I presume I need:
but although the service then starts I run into odd problems, like not being able to edit the service settings in SQL Central (although I am logged on a local administrator) - works fine if I change the service back to local system account. Is there a list of the minimum set of privileges required available anywhere? Thanks UPDATE 19 Apr The user I'm trying to use is a domain user. By granting my user the same rights in Local Security Policy | Local Policies | User Rights Assignments that are already allocated to LOCAL SERVICE, and setting the Log On As user in the Windows Services manager I can get the SQLA service to run properly. BUT if I now try to edit the services parameters in Sybase Central, I get: The service could not be modified. An unknown error has occurred. com.sybase.sqlanywhere.util.ServiceException Go back to LocalSystemAccount and Sybase Central is happy again. |
What (Windows) OS do you use?
Server 2016 Standard
Hm, if you are logged in as local admin, that does not look like missing privileges on the service account IMHO? Can you change service settings via DBSVC as local admin?
FWIW, have you considered the more restricted LocalService or NetworkService system accounts?
And apparently I have no real answer to your question...:(
Yes this odd - yet it seems to relate to the user specified in the service definition not who you are logged on as.
NetworkService might be the way to go, but I'm concerned about running into unexpected problems because of missing privileges. According to MS LocalSystem has:
while NetworkService has
Basically I'm way out of my depth here! What I really want to do is define a user with the minimum rights needed to run SQLA properly and add access to a couple of network locations.
In my limited understanding, these are the privileges given to the according local user groups.
Just to add: There's an older white paper "Securing SQL Anywhere Server 10" (sic!) still available but is it also rather vague in terms of choosing a fitting user account for a Windows database service...
It's an excellent doc - and an updated version would be really useful. However, as you say doesn't really give me the detail I'm after!
If not able to edit the service in Sybase Central I usually find I get an "Access Denied" error and irrespective of being logged on as a local admin that "Right click - Run as Administrator" is required.
This doesn't seem to be the problem in this case - the behaviour is the same whether I run Sybase Central while logged on with local admin rights or choose Run As Administrator