August 27, 2010 at 9:10 am
I'm using a WMI Data Reader Task with the following query:
Select
Caption, CreationClassName, Description, DisplayName,
ErrorControl, InstallDate, Name, PathName, ServiceType,
Started, StartMode, StartName, State, Status,
SystemCreationClassName, SystemName
FROM Win32_Service
When I run it myself it works fine, but I have administrative rights on the server I'm connecting to. When I run the package through a service account I'm getting the following error:
An error occurred with the following error message: "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))".
Does anyone know what permissions I need to grant the service account on the server for this to work?
Thanks
Kenneth
Kenneth FisherI was once offered a wizards hat but it got in the way of my dunce cap.--------------------------------------------------------------------------------For better, quicker answers on T-SQL questions, click on the following... http://www.sqlservercentral.com/articles/Best+Practices/61537/[/url]For better answers on performance questions, click on the following... http://www.sqlservercentral.com/articles/SQLServerCentral/66909/[/url]Link to my Blog Post --> www.SQLStudies.com[/url]
August 27, 2010 at 12:52 pm
Are you trying to access the local server?
Also, is SQL logging in as a user account or as something like localsystem?
CEWII
August 31, 2010 at 6:24 am
Its actually a series of about 30 servers, the SQL Servers are sometimes running under service accounts and sometimes local system. I'm working to convert them all to service accounts. The SSIS package that I'm running is running under an unrelated service account.
Thanks
Kenneth
Kenneth FisherI was once offered a wizards hat but it got in the way of my dunce cap.--------------------------------------------------------------------------------For better, quicker answers on T-SQL questions, click on the following... http://www.sqlservercentral.com/articles/Best+Practices/61537/[/url]For better answers on performance questions, click on the following... http://www.sqlservercentral.com/articles/SQLServerCentral/66909/[/url]Link to my Blog Post --> www.SQLStudies.com[/url]
September 1, 2010 at 11:27 am
Although I can't give you a link to point to I remember reading that remote WMI calls require administrator level access to the box.
I recommend that SQL NEVER run as a localsystem or NETWORK SERVICE and instead always use a domain level account, NO local accounts.
It is very common for this domain level account to be in the Administrators group on the server BUT don't make it a domain admin!
You might create an account with domain adminsitrator rights and use it as a proxy to run those SQL Agent jobs that need to run that way.
Now here is a "trick" if the user account that SQL logs in with is also a local admin on those boxes then you won't even need that proxy account.
Some environments have 1-2 domain accounts for SQL servers (VERY common) others have an account by server, there are upsides and benefits to each. I tend to use the shared domain account and sometimes for a server that needs additional security it alone might be given a seperate login.
Not sure if I fully answered your question or muddied the waters. Let me know.
CEWII
September 2, 2010 at 8:40 am
Actually it ends up being 2 seperate subjects. To the first, the account trying to run the WMI call has nothing to do with the SQL Servers, but I am starting to think that admin is the only way to go unfortunatlly. As to the second, I'm currently working on switching all of our SQL Servers to service accounts, at least in part to resolve our double hop problem.
Thanks for all of our help though
Kenneth
Kenneth FisherI was once offered a wizards hat but it got in the way of my dunce cap.--------------------------------------------------------------------------------For better, quicker answers on T-SQL questions, click on the following... http://www.sqlservercentral.com/articles/Best+Practices/61537/[/url]For better answers on performance questions, click on the following... http://www.sqlservercentral.com/articles/SQLServerCentral/66909/[/url]Link to my Blog Post --> www.SQLStudies.com[/url]
November 16, 2012 at 12:16 pm
Thanks Elliott Whitlow ......Great ...Got same issue ....Ran Almost all blogs....when i running My SSIS package with my credintials its working fine ..when calling it via agent then getting strange errors ..aftre chanign service account to AD its working fine...Like water released from reservior.
Trillions of thanks
Ashwin vp
Ashwin VP
CSC India ...
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply