none
Is it possible to change the "localized service names"?

    Pertanyaan

  • We use chef to manage some servers included the installed SQL Server instances. We have noticed that on one server it doesn't work because the login fails. The cause is the localized service name (https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/configure-windows-service-accounts-and-permissions?view=sql-server-2017). Our script uses the "NT AUTHORITY\SYSTEM" with windows authentication to log in into the SQL Server instances but on one server this account has the localized service name "NT-AUTORITÄT\SYSTEM" and the login fails.

    Is there a way to "change" this localized service name to the standard English name? So that our chef scripts will work also on this server.

    Kamis, 05 Juli 2018 12.27

Jawaban

  • We can get the localized name with the following powershell command

    (New-Object System.Security.Principal.SecurityIdentifier ("S-1-5-18")).Translate( [System.Security.Principal.NTAccount]).Value

    Problem solved, but it was and it is still a pain in the ass, why localize system account names? It is so dumb.

    • Ditandai sebagai Jawaban oleh spamme1 Senin, 09 Juli 2018 09.25
    Senin, 09 Juli 2018 09.21

Semua Balasan

  • I don't understand this. When you log into SQL Server with Windows authentication, you cannot select which user to log in as, but you log in with the same user as you logged into Windows. So there is something more to it, although what is not clear.

    In any case, identification is primarily by SID and not by name. But if NT AUTHORITY\SYSTEM and NT-AUTORITÄT\SYSTEM exists on the machine, you could grant to access to both.

    Personally, I would prefer to no use any of them and use managed service accounts instead.


    Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

    Kamis, 05 Juli 2018 22.23
  • Hi spamme1,

     

    According to your description, I understand that your script uses the "NT AUTHORITY\SYSTEM" account to log in but on one server this account has the localized service name "NT-AUTORITÄT\SYSTEM". If anything is misunderstand, please tell me.

     

    The "NT AUTHORITY\SYSTEM" account is a built-in Windows account. Based on my experience, the account name can't be modified. As a workaround, could you please try to modify the script and add a statement like "if…else" to specify condition and use "NT-AUTORITÄT\SYSTEM" to log in the server.

     

    Best Regards,

    Emily


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com

    Jumat, 06 Juli 2018 06.22
  • You are right, we don't need the login name to login because it windows authentication, but we need the "login name" to change the security settings on some databases, and the "login name" has a different name.
    Jumat, 06 Juli 2018 10.59
  • There is only one system login and this localization of login names it is really a pain in the ass.

    Any way we try to find out the login name from the security identifier S-1-5-18.

    Jumat, 06 Juli 2018 11.01
  • Any way we try to find out the login name from the security identifier S-1-5-18.

    I guess there is a way to this in Windows, using that string, but this is not a Windows forum. (And I am not a Windows specialist).

    In SQL Server you can use SELECT suser_sname(0x010100000000000512000000).

    Jumat, 06 Juli 2018 21.33
  • Have you tried creating a new login "NT AUTHORITY\SYSTEM" with windows authentication? See if it allows you. If it doesn't, maybe drop the problematic one and re-try creating the actual one that you expect there. I'll leave it up to you to decide. 

    I have no idea what this "chef" application is but if there's a way to run it under an AD account, you can create one and add it across all SQL Servers in scope with appropriate permissions. 


    Please remember to click "Mark as Answer" if my response answered your question or click "Vote as helpful" if it helped you in any way.

    Jumat, 06 Juli 2018 22.15
  • We can get the localized name with the following powershell command

    (New-Object System.Security.Principal.SecurityIdentifier ("S-1-5-18")).Translate( [System.Security.Principal.NTAccount]).Value

    Problem solved, but it was and it is still a pain in the ass, why localize system account names? It is so dumb.

    • Ditandai sebagai Jawaban oleh spamme1 Senin, 09 Juli 2018 09.25
    Senin, 09 Juli 2018 09.21
  • Nice try, you can't create a system account, and at least make the effort of googling the application name, if you don't know what it is, above all when it is an application used by millions of IT professionals.

    • Diedit oleh spamme1 Senin, 09 Juli 2018 09.26
    Senin, 09 Juli 2018 09.24