locked
Primary Site Server computer account is sysadmin on Remote SQL Server, is this correct ? RRS feed

  • Question

  • Hi All,

    Just a query, i have noticed that on my Site Database box that my Primary Site Server has sysadmin rights? I never put this in myself so am just wondering how it got there and why. One thing i have done recently is enabled the backupo maintanance task, could this have put the PS computer account as sysadmin?

    Everything is working fine and this currently in my test environment, however we are intending to install the real thing very soon so was just putting together some documentation and read that the only account that needed sysadmin was the 'SMS Admin' type admin account used for installing SCCM 2012.

    If anyone could clarify the above it would eb fantastic...

    many thanks.....

    Wednesday, July 18, 2012 4:12 PM

Answers

  • Ok,

    I did a fresh setup on the weekend, Site server with remote SQL box. I payed attention to permissions wiithin SQL. After the install was complete the site server computer account was not visible as having sysadmin rights, in fact the site server computer account had no login rights within SQL.

    However once i had configured and run the backup maintenance task the computer account within the SQL logins, with sysadmin rights!!!!

    So that answers my question...

    Technet states that the backup maintenance task does reqiure permission setting up on both boxes, plus i assume the site server needs permissions to perform database backup too...

    cheers

    • Marked as answer by The Overfiend Monday, July 23, 2012 8:51 AM
    Monday, July 23, 2012 8:51 AM

All replies

  • HI,

    You are correct the SCCM Primary Site server computer account should have Sysadmin permissions on the SQL database.

    regards,

    Jörgen


    -- My System Center blog ccmexec.com -- Twitter @ccmexec

    Wednesday, July 18, 2012 4:21 PM
  • The computer account of the site server has to be sysadmin on SQL, so that's correct and expected.

    Torsten Meringer | http://www.mssccmfaq.de

    Wednesday, July 18, 2012 4:22 PM
  • many thanks both,

    Is the computer account added automatically by some process?  just that i dont remember adding the computer account in myself..

    thanks..

    Wednesday, July 18, 2012 4:24 PM
  • I *think* that it's added automatically (but can't really confirm this because I usually do that manually before installing CM) :-)


    Torsten Meringer | http://www.mssccmfaq.de

    Wednesday, July 18, 2012 4:34 PM
  • I will be doing another SCCM 2012 setup within the next two days. I will obeserve and update this post with my findings.

    Many Thanks .....

    Wednesday, July 18, 2012 4:36 PM
  • Just did a basic configmgr 2012 pri site install - no site settings done as of yet - but i do actually not see the server computer account in the sql sysadmin Group...

    - Stress is the confusion created in one's mind, to override the basic desire to choke the living %&¤# out of someone, who deserves it the most.

    Wednesday, July 18, 2012 5:35 PM
  • Is your SQL Database also on you Priimary Site server ?

    In my setup the SQL Database and the Primary site server are on seperate boxes.

    Wednesday, July 18, 2012 6:41 PM
  • yes they are on the same box - ok, so thats propbably the difference then... makes sense.

    - Stress is the confusion created in one's mind, to override the basic desire to choke the living %&¤# out of someone, who deserves it the most. Twitter: http://twitter.com/#!/@henrikhoe

    Friday, July 20, 2012 9:32 AM
  • Ok,

    I did a fresh setup on the weekend, Site server with remote SQL box. I payed attention to permissions wiithin SQL. After the install was complete the site server computer account was not visible as having sysadmin rights, in fact the site server computer account had no login rights within SQL.

    However once i had configured and run the backup maintenance task the computer account within the SQL logins, with sysadmin rights!!!!

    So that answers my question...

    Technet states that the backup maintenance task does reqiure permission setting up on both boxes, plus i assume the site server needs permissions to perform database backup too...

    cheers

    • Marked as answer by The Overfiend Monday, July 23, 2012 8:51 AM
    Monday, July 23, 2012 8:51 AM
  • Overfiend, what type of permissions does your Primary Site Computer Account have on your SQL Server?

    I removed local administrator rights from the server and I am now receiving the following error within my hman log:

    CWmi::Connect(): ConnectServer(Namespace) failed. - 0x80070005

    CWmiRegistry::WmiOpen: Failed to connect to remote WMI repository on machine SQLSERVER

    Failed to connect HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL registry key for reading on SQL Server [SQLSERVER].

    I've attempted to give rights within WMI Control and within dcomcnfg and still receive failures. I am getting push back on having the SCCM server have admin rights on our shared SQL server.

    Thanks

    Wednesday, January 2, 2013 5:12 PM
  • The computer account has to be local admin and SQL sysadmin on the SQl server.

    Torsten Meringer | http://www.mssccmfaq.de

    Thursday, January 3, 2013 7:04 AM