While visiting customers, I’m often asked how to configure RunAs accounts for the SQL Management Pack.
I love the new way using the Healthservice Service SID as Kevin Holman documented in his blog post over here: https://blogs.technet.microsoft.com/kevinholman/2016/08/25/sql-mp-run-as-accounts-no-longer-required-2/
I don’t want to go over the configuration of his Management Pack again. I just want to show on how you can query the Healthservice SID setting.
We’re using the SC.EXE tool to set the SID type for the Healthservice.
For more information on Windows Service Hardening, take a look over here: https://blogs.technet.microsoft.com/askperf/2008/02/03/ws2008-windows-service-hardening/
To set the SID type to unrestricted, we use the following command:
sc sidtype HealthService unrestrictedShowing the following output:
That’s it, you can use the Service SID of the Healthservice as a logon in SQL Server
What the command does, is changing the value of the registry key: “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HealthService\ServiceSidType” to 1:
You can use the following commands to get more information of the Healthservice SID type setting:
sc qsidtype healthservice
An example of an unconfigured “NONE” SID type:
An example of a configured “UNRESTRICTED” SID type:
sc showsid healthservice
An example of an unconfigured “Inactive” status:
An example of a configured “Active” status:
This wil hopefully point you in the right direction when verifying the Healthservice Service SID.