locked
Which credential is used when attempting to access network resources from SQL Server? RRS feed

  • Question

  • I'm RDP'd to a 2005 server using my AD credentials. SQL services are running with its own AD account. My question is, when I try to access or use a network resource, such as a file on another remote server, which credential is used to validate if access to that particular network resource is available or not, my AD credentials or the account that runs SQL services?

    In my case, I'm trying to update a file path in a legacy DTS pkg, and I'm getting an access denied error. Don't know if the access that's being denied is against my account or against the service account that SQL runs under.

    Appreciate the response. Thanks.

    Monday, November 21, 2011 7:41 PM

Answers

  • Can you save a txt file to the folder path of the DTS package? I want to say that it is your credentials as the SQL Service account doesn't seem that it would come into play simply saving a DTS package. Here is an article on the security issues with DTS packages. Is there a password on the DTS package itself?

    http://msdn.microsoft.com/en-us/library/aa933557(v=SQL.80).aspx

     

     

    • Proposed as answer by Warwick Rudd Tuesday, November 22, 2011 10:20 PM
    • Marked as answer by Maggie Luo Tuesday, November 29, 2011 6:46 AM
    Monday, November 21, 2011 9:59 PM
  • I believe that George is correct.  

    1. Edit a package and run it interactively, your own personal credentials are used. 

    2. Schedule a job to run from SQL Agent and it will be started by the SQL Server/SQL Agent service account and then (if you defined a SQL Agent proxy in the job) switch to the proxied account.

    RLF

    • Proposed as answer by Warwick Rudd Tuesday, November 22, 2011 10:20 PM
    • Marked as answer by Maggie Luo Tuesday, November 29, 2011 6:46 AM
    Tuesday, November 22, 2011 9:59 PM

All replies

  • Can you save a txt file to the folder path of the DTS package? I want to say that it is your credentials as the SQL Service account doesn't seem that it would come into play simply saving a DTS package. Here is an article on the security issues with DTS packages. Is there a password on the DTS package itself?

    http://msdn.microsoft.com/en-us/library/aa933557(v=SQL.80).aspx

     

     

    • Proposed as answer by Warwick Rudd Tuesday, November 22, 2011 10:20 PM
    • Marked as answer by Maggie Luo Tuesday, November 29, 2011 6:46 AM
    Monday, November 21, 2011 9:59 PM
  • I believe that George is correct.  

    1. Edit a package and run it interactively, your own personal credentials are used. 

    2. Schedule a job to run from SQL Agent and it will be started by the SQL Server/SQL Agent service account and then (if you defined a SQL Agent proxy in the job) switch to the proxied account.

    RLF

    • Proposed as answer by Warwick Rudd Tuesday, November 22, 2011 10:20 PM
    • Marked as answer by Maggie Luo Tuesday, November 29, 2011 6:46 AM
    Tuesday, November 22, 2011 9:59 PM