Forum: >>> Magnum BBS <<<

Dark
Log in

Username Password

Virual accounts unavailable in directory permissions

From Anton Shepelev@21:1/5 to All on Fri Jan 17 18:10:42 2025

Hello, all

While migrating a machine with many MSSQL instances, I have
found that I cannot reinstante the permissions for the
directories with databases for each instance.

On the original machine, each directory had permissions for
the user, under which the correspoinding instance was
started: NT ServiceSQL$<instance_name> . These are called
virtual accounts:

https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-windows-service-accounts-and-permissions#VA_Desc

and are meant to facilitate administration. I my case
however, they are a problem, because neither on the original
machine, nor on the one we are migraing to, can we add any
of those virtual accounts to directory permissions. Virtual
accounts are not listed under either of
Service Accounts,
Built-in security principals,
or Users.
Where in the system are they? Somewhere they must be, for
Windows services for MSSQL instances are started under
those accounts.

--
() ascii ribbon campaign -- against html e-mail
/\ www.asciiribbon.org -- against proprietary attachments

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From Anton Shepelev@21:1/5 to All on Mon Jan 20 15:16:13 2025

I wrote:

While migrating a machine with many MSSQL instances, I
have found that I cannot reinstante the permissions for
the directories with databases for each instance.

On the original machine, each directory had permissions
for the user, under which the correspoinding instance was
started: NT Service\MSSQL$<instance_name> . These are
called virtual accounts:

https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-windows-service-accounts-and-permissions#VA_Desc

and are meant to facilitate administration. I my case
however, they are a problem, because neither on the
original machine, nor on the one we are migraing to, can
we add any of those virtual accounts to directory
permissions. Virtual accounts are not listed under either
of
Service Accounts,
Built-in security principals,
or Users.
Where in the system are they? Somewhere they must be, for
Windows services for MSSQL instances are started under
those accounts.

The trick is to type them in by hand, having set the correct
filters, that is:

Select this object types: Built-in security principals
From this location : he current machine

--
() ascii ribbon campaign -- against html e-mail
/\ www.asciiribbon.org -- against proprietary attachments

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Michal Wronka
  Sun Jul 13 09:16:55 2025
  from Wroclaw, Poland via SSH
- Gwylbert
  Sun Jul 13 04:08:48 2025
  from Sydney, Nsw via Telnet
- Plume
  Sun Jul 13 02:17:39 2025
  from Uk via Raw
- Michal Wronka
  Sat Jul 12 23:15:13 2025
  from Wroclaw, Poland via SSH
- Bob Worm
  Sat Jul 12 23:04:09 2025
  from Wales, Uk via Telnet
- Michal Wronka
  Sat Jul 12 22:43:44 2025
  from Wroclaw, Poland via SSH
- Bagwaa
  Sat Jul 12 21:37:02 2025
  from Nottingham via Telnet
- Michal Wronka
  Sat Jul 12 21:35:07 2025
  from Wroclaw, Poland via SSH

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	508
Nodes:	16 (0 / 16)
Uptime:	238:52:05
Calls:	9,985
Calls today:	3
Files:	13,836
Messages:	6,358,297