Healthservice Service SID Type


While visiting customers, I'm often asked how to configure RunAs accounts for the SQL Management Pack.
I love the new way using the Healthservice Service SID as Kevin Holman documented in his blog post over here:

I don't want to go over the configuration of his Management Pack again. I just want to show on how you can query the Healthservice SID setting.


Let's start:


We're using the SC.EXE tool to set the SID type for the Healthservice.
For more information on Windows Service Hardening, take a look over here:


To set the SID type to unrestricted, we use the following command:
sc sidtype HealthService unrestricted
Showing the following output:

That's it, you can use the Service SID of the Healthservice as a logon in SQL Server


What the command does, is changing the value of the registry key: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HealthService\ServiceSidType" to 1:



You can use the following commands to get more information of the Healthservice SID type setting:


sc qsidtype healthservice

An example of an unconfigured "NONE" SID type:

An example of a configured "UNRESTRICTED" SID type:



sc showsid healthservice

An example of an unconfigured "Inactive" status:

An example of a configured "Active" status:



This wil hopefully point you in the right direction when verifying the Healthservice Service SID.


Comments (0)

Skip to main content