What should you do?

Your company uses System Center Operations Manager 2007 to monitor several Microsoft SQL Server 2005 computers. The default action account does not have sufficient permissions to monitor the databases that exist on these servers. You need to enable SQL Server object monitoring. What should you do?

Your company uses System Center Operations Manager 2007 to monitor several Microsoft SQL Server 2005 computers. The default action account does not have sufficient permissions to monitor the databases that exist on these servers. You need to enable SQL Server object monitoring. What should you do?

A.
Disable the agent proxy for the SQL Server 2005 computers. Add the default action account to the local users groups.

B.
Create a user account that has DBO access to the databases. Associate the account with the SQL Monitoring Run As profile.

C.
Create a user account that has DataReader access to the databases. Associate the account with the Privileged Monitoring Run As profile.

D.
Create a user account that has DataWriter access to the databases. Associate the account with the Privileged Monitoring Run As profile.

Explanation:
If SQL is on a default install then local system will be able to login and monitoring will function. It means that SQL isn’t as secure as it should be but from an OpsMgr perspective that does make our life easier.

If the ability of local admins and local system to login to SQL has been removed (best practice) then you’ll need to set up a run as account and profile as below.

The way I work in secure environments is :
a) Create monitoring account for each SQL Server – I add this to a SQL DBA security group which always seems to exist. The group almost always has local windows admin rights and SQL sysadmin rights across the SQL estate. This meets the minimum set of permissions required for SQL Server monitoring purposes, the following permissions are required:

-The account must be a member of the SQL Server SysAdmin role within the instance or instances of SQL Server being monitored.
-The account must have privileges to log on locally to the server

b) I then create a Run As Account which maps to this user

c) Then Go to Run As Profiles, SQL Server Discovery Account, Assign Account Name (Run As Account) to the SQL Computers Class, Click Save then add the SQL Servers.

As new SQL Servers are added, you will need to:
Go to Administration, Run As Configuration, Profiles
SQL Server Discovery Account.
Double Click SQL Server Discovery Account
Click Next on the General Properties window
Click Save on the Run As Accounts Window
On the Completion Window, there will be a yellow warning triangle under More Secure Run As Accounts. Click on the hyperlink that states SQL Monitoring Account
Next to Selected Computers, click ADD and add in the new SQL Server
Click Save and Close

from "Microsoft Technet Forums"

Show Hint

Leave a Reply 1

Your email address will not be published. Required fields are marked *

best android cell phones

best android cell phones

Is it possible for you to copy and paste news articles for my blog site or is that copyright infringement?

Reply