Service SID not granted required permission during installation - by Nancy Hidy Wilson1

Status : 

  Won't Fix<br /><br />
		Due to several factors the product team decided to focus its efforts on other items.<br /><br />
		A more detailed explanation for the resolution of this particular item may have been provided in the comments section.

Sign in
to vote
ID 778696 Comments
Status Closed Workarounds
Type Bug Repros 0
Opened 2/6/2013 2:13:41 PM
Access Restriction Public


Certain functionality performed by the SQL Server Service Account post install seems to require a minimum of List Folder access to the root drive of the data folders used by SQL Server.  This includes using SSMS to restore a database using a file (the GUI cannot display the path to traverse to the backup file) in versions prior to SQL Server 2012; and in SQL Server 2012 prevents a successful application of SP1 using either the UpdateSource during initial install or running the SP manually after install.  In many organizations, the default Everyone and Users groups are removed from the base permissions to conform to the principal of least privileges. And in that same vein, we are using either a Domain User account or the virtual account for the service accounts - which are not in Administrators. 

I believe that the installation should grant the minimal List Folder access to the root drive only (not inherited or propated) to the Service SID to ensure successful execution of the tasks performed by this account. It is especially egregious that the SP installation fails due to this configuration. 

This may be the same problem reported in Bug 775401; however, I did not see a root cause determined there. 
Sign in to post a comment.
Posted by Nancy Hidy Wilson1 on 2/6/2013 at 2:17 PM
"propated" is a typo - should have been "propagated". :-)