Thursday, November 29, 2012 11:19 PM
I had posted this here : https://connect.microsoft.com/SQLServer/feedback/details/770984/per-service-sid-s-are-not-being-granted-correct-permissions, but no response as yet.
When installing SQL 2012 (on a VMWare VM), based on the following article : http://msdn.microsoft.com/en-us/library/ms143504(v=sql.110), I have noticed that the SQL per service SIDs are not being granted the correct permissions. From the initial install, the following is what was observed (the red x's being permissions that should have been granted but were not).
When re-installing and changing from specifying a domain account, to the default values, during set-up, the 4 service SIDs that were not added to 'Log on as a Service' initially were then correctly granted permission, but the other 4 in 'Bypass traverse checking', 'Adjust Memory Quotas for a process' and 'Impersonate a Client after authentication' were still not added.
When running a repair on this install, 'NT Service\MSSQLFDLauncher' was then granted the correct permissions, but 'NT SERVICE\MsDtsServer110' was still missing 'Bypass traverse checking' and 'Impersonate a Client after authentication'.
This also resulted in the installation of Reporting Services - Native failing in the original installation with 'Attempted to perform an unauthorized operation'.
If anyone has recently installed SQL 2012, can you check (via gpedit.msc) that the correct 'User Right Assignment' was granted to the per Service SIDs as per http://msdn.microsoft.com/en-us/library/ms143504(v=sql.110) ?