Wednesday, March 29, 2006

SQL Server Proxy Error Messages

If the SQL proxy account not set up the below error message would appearMsg 50001, Level 1, State 50001xpsql.cpp: Error 997 from GetProxyAccount on line 472

When SQL Server startup account does not have the 'Local Admin' privilegesMsg 50001, Level 1, State 50001xpsql.cpp: Error 997 from GetProxyAccount on line 472

When the SQL Server Startup account does not have the"Replace Process level Token" Privileges on Local security policy ,
Msg 50001, Level 1, State 50001xpsql.cpp: Error 1314 from CreateProcessAsUser on line 504

When the 'SQL Sever proxy account does not exist or deleted from the Windows.Msg 50001, Level 1, State 50001xpsql.cpp: Error 1326 from LogonUserW on line 488

Wednesday, March 22, 2006

DMZ - DeMilitarized Zone

Computer slang used for a protected network that sits between the Internet and the corporate network.
Sometimes called a perimeter network.

A DMZ is a computer network that is accessible from two other computer networks that have no direct contact with each other. Often, one of these networks is the Internet and the other is a local, internal network. There is no direct connection between the Internet and the local network, but both of them can access an intermediate network, a demilitarized zone. DMZs are often used for special servers, such as web servers, which must be accessible from two separate networks.

Tuesday, March 21, 2006

SQL Server Proxy Account

George,
Who require proxy access ?
This will allow jobs scheduled by non-admin users (such as Bank staff) to properly execute DTS packages.
SQL Server Agent proxy accounts allow SQL Server users who do not belong to the sysadmin fixed server role to execute xp_cmdshell and own SQL Server Agent jobs. The administrators can assign appropriate security permissions to the proxy account to control the ability of these jobs to access resources in the network.

Why they needed?
1. SQL Proxy accounts are required to enable general users to schedule and execute SQL jobs for DTS packages (ETL).
2. In SQL Server 2000, a domain user cannot run the xp_cmdshell extended stored procedure even when the user has permissions
3. To create CmdExec and ActiveScript jobs belonging to someone other than a SQL Server administrator.
4. SQL Server Agent jobs also must execute in the security context of a Windows account. If the job is owned by a member of the sysadmin fixed server role, the job executes using the Windows account under which the SQL Server service is running. If the job owner is not in sysadmin, the job executes using the SQL Server Agent proxy account.
The following Microsoft knowledge base article explains what is required to execute a DTS package from an SQL Server job. This will allow jobs scheduled by non-admin users (such as Bank staff) to properly execute DTS packages.
http://support.microsoft.com/?kbid=269074