Home Dashboard Directory Help
Search

Service SID not granted required permission during installation by Nancy Hidy Wilson1


Status: 

Active


4
0
Sign in
to vote
Type: Bug
ID: 778696
Opened: 2/6/2013 2:13:41 PM
Access Restriction: Public
0
Workaround(s)
view
0
User(s) can reproduce this bug

Description

Certain functionality performed by the SQL Server Service Account post install seems to require a minimum of List Folder access to the root drive of the data folders used by SQL Server. This includes using SSMS to restore a database using a file (the GUI cannot display the path to traverse to the backup file) in versions prior to SQL Server 2012; and in SQL Server 2012 prevents a successful application of SP1 using either the UpdateSource during initial install or running the SP manually after install. In many organizations, the default Everyone and Users groups are removed from the base permissions to conform to the principal of least privileges. And in that same vein, we are using either a Domain User account or the virtual account for the service accounts - which are not in Administrators.

I believe that the installation should grant the minimal List Folder access to the root drive only (not inherited or propated) to the Service SID to ensure successful execution of the tasks performed by this account. It is especially egregious that the SP installation fails due to this configuration.

This may be the same problem reported in Bug 775401; however, I did not see a root cause determined there.
Details
Sign in to post a comment.
Posted by Nancy Hidy Wilson1 on 2/6/2013 at 2:17 PM
"propated" is a typo - should have been "propagated". :-)
Sign in to post a workaround.
File Name Submitted By Submitted On File Size  
20130206_Fail.zip (restricted) 2/6/2013 -