SQL Agent Proxy Account Set-up

  • Hi, I'm trying to set up an Agent Proxy account but am getting errors any way I do it. I have SQL2000 Std SP4 running on Windows 2003 SP2. As per MS recommendations I have the SQL service running with a domain account but set up with non-sysadmin rights. The SQL Agent is running with a separate domain account with Admin rights, as I understand it pretty much has to.

    I want our overnight operators to be able to see and re-run any batch jobs from Ent Mgr, they have domain accounts set up but limited access. However without using the Proxy account they would need to be sysadmins to see and run the jobs, which I don't want. So I'd clearly like to use the Proxy account. But when I run any xp_sqlagent_proxy_account command I get access denied whether I do it as a sysadmin or 'sa' and also whether I run it through QA or via Agent properties in SQL Ent Mgr.

    I've read other forums and given the account I want to run as the proxy (via GPEDIT) -

    - Increase Quotas

    - Replace a process level token

    - Log on as a batch Job

    I've also tried giving the SQL account running SQL Server sysadmin privs and adding the account I want to run as the proxy admin rights of the server, but I still get access denied.

    If I run it via QA I just simply get 'access denied'. If I run it through Ent Mgr I am asked to firstly log on with an account with sysadmin rights (fair enough), then add the account\pswd\domain of the account I want to use as the proxy account; this is when I get... 'the system cannot find the path specified'??

    I'd be grateful for any clues. I've never come up against anything so convoluted in SQL as this!!!

  • Do all Windows accounts that you are using have individual logins in SQL Server? I did have problems when Windows accounts were SQL Server logins through the group / role membership. For example, an account is a member of Administrators in Windows and SQL Server has Builtin\Administrators as sysadmins. This account had some problems running some DTS jobs. When I added this account to SQL Server as an individual login, the problem was resolved.

    Regards, Yelena Varsha

  • Hi, yes they are all individual accounts, i.e. no NT groups are used.

  • Try adding the users to the TargetServersRole role in the MSDB database.

  • Thanks for your input. I'm off for a week now so will try this on my return. Just didn't want you (or anyone else that replies) to think I was ignoring you.
