locked
SQL Sever 2014 File Access RRS feed

  • Question

  • Hi,

    I'm running SQL Server 2014 using a Managed Service Account for the DB Engine service.

    I'm creating a new database and deliberately specifying the data file and log file to a folder that exists (c:\sqlserverdata) but which doesn't explictly have read/write access granted to the above Managed Service Account.

    I was expecting the CREATE DATABASE command to fail, but it succeeded and I can't explain why.

    When I look at the security tab for "C:\sqlseverdata" it shows access is granted to

    - CREATOR OWNER

    - SYSTEM

    - Administrator (domain\administrators)

    - Administrators (PC\Administrators)

    - USERS (PC\Users)

    When I look at the "Effective Permissions" for "c:\sqlserverdata" it shows that the Managed Service Account has:

    - create files/write data

    - create folders  / append data

    - read permissions

    The Managed Service Account is not a member of the local or domain administrators group. Is it possible that the Managed Service Account is a member of USERS? 

    How can I determine why the Managed Service Account has read/write access to "c:\sqlserverdata" ?

    Thanks.

    Monday, July 10, 2017 2:03 AM

All replies

  • Hi TechNetGuru,

     

    Which specific computer account in AD did you use to associate with this Managed Service Account? What about the permission of this account?

     

    Best Regards,

    Teige

     


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, July 18, 2017 9:58 AM