Hi all,
I’m experiencing a lot of issues on a customer site where they’ve applied the Microsoft security best practice in a SQL2005 cluster environment.
So the SQL Service account DOES NOT belong to the BUILTIN\Administrators group and DOES NOT HAVE the sysadmin role on all the named instances.
Most of the issues have been fixed with SMSQL 5.0D2P2 and they belong to this http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=358276 but nevertheless we’ve discovered that the migration is only partial (not all the SQL directory structure is copied/moved to the NetApp LUN) because some paths are missed after the migration wizard (i.e. LOG, REPLDATA…) and only the DATA path is migrated.
Startup parameters still point to the old paths and the SQL Service Agent registry keys still point to the old path!!! So we can fix the named instance to start but the SQL Agent will never be able to start.
Worse, the ownership of the dbs is changed to the user used as the SMSQL service account! And the ACL on the file system is changed to it too!
This has never happened before in environments where the SQL Service account belongs to BUILTIN\Administrators, and the bug states that it should also be in domain admins!!! Terrible. This is a great security bug to have a service account belonging to domain admins!
What I would like to know is what exactly SMSQL does during the migration/configuration at the level of the properties of the dbs (both system and user ones) and the file systems.
We can move the data manually to the right NetApp LUNs but to back up instances with SMSQL we must run the config wizard and I want to be sure that nothing will be changed.
Many thanks in advance,
Regards,
Dott. Giacomo Milazzo
Technical Account Manager
Sinergy SpA
Filiale di Roma
00198. viale Regina Margherita, 269
(+39) 3406001045 0644245272
(+39) 0226922048
Giacomo.Milazzo@Sinergy.it
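
One way to verify whether the configuration wizard alters database ownership or file locations, as an added example that is not part of the original post and not NetApp's code: snapshot the owner and physical path of every database file before running the wizard, then diff against the live catalog afterwards. It assumes an audit database named `DBA_Audit` (hypothetical) and covers only the database-level properties, not file-system ACLs or registry keys.

```sql
-- Added example. DBA_Audit and dbo.db_baseline are hypothetical names.
-- Uses only catalog views available in SQL Server 2005.
USE DBA_Audit;
GO

-- STEP 1: run BEFORE the configuration wizard. Captures the baseline.
IF OBJECT_ID('dbo.db_baseline') IS NOT NULL
    DROP TABLE dbo.db_baseline;

SELECT d.name                   AS database_name,
       SUSER_SNAME(d.owner_sid) AS owner_login,
       f.file_id,
       f.type_desc,
       f.physical_name
INTO   dbo.db_baseline
FROM   sys.databases d
JOIN   sys.master_files f ON f.database_id = d.database_id;
GO

-- STEP 2: run AFTER the wizard (do not re-run step 1 first).
-- Returns one row per file whose owner or path differs from the baseline,
-- plus files that appeared or disappeared. No rows means nothing changed.
SELECT COALESCE(b.database_name, c.database_name) AS database_name,
       COALESCE(b.file_id, c.file_id)             AS file_id,
       b.owner_login   AS owner_before,
       c.owner_login   AS owner_after,
       b.physical_name AS path_before,
       c.physical_name AS path_after
FROM   dbo.db_baseline b
FULL OUTER JOIN (
         SELECT d.name                   AS database_name,
                SUSER_SNAME(d.owner_sid) AS owner_login,
                f.file_id,
                f.physical_name
         FROM   sys.databases d
         JOIN   sys.master_files f ON f.database_id = d.database_id
       ) c
       ON  c.database_name = b.database_name
       AND c.file_id       = b.file_id
WHERE  b.database_name IS NULL            -- file added since baseline
   OR  c.database_name IS NULL            -- file missing since baseline
   OR  ISNULL(b.owner_login, '') <> ISNULL(c.owner_login, '')
   OR  b.physical_name <> c.physical_name;
```

Any row where `owner_after` is the SMSQL service account shows the ownership change described above.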