Philip Van de Vyver on SCOM and Azure Log Analytics

Information out of the field on Operations Manager and Azure Log Analytics

Healthservice Service SID Type


While visiting customers, I’m often asked how to configure RunAs accounts for the SQL Management Pack.
I love the new way using the Healthservice Service SID as Kevin Holman documented in his blog post over here:

I don’t want to go over the configuration of his Management Pack again. I just want to show on how you can query the Healthservice SID setting.


Let’s start:


We’re using the SC.EXE tool to set the SID type for the Healthservice.
For more information on Windows Service Hardening, take a look over here:


To set the SID type to unrestricted, we use the following command:
sc sidtype HealthService unrestricted
Showing the following output:

That’s it, you can use the Service SID of the Healthservice as a logon in SQL Server


What the command does, is changing the value of the registry key: “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HealthService\ServiceSidType” to 1:



You can use the following commands to get more information of the Healthservice SID type setting:


sc qsidtype healthservice

An example of an unconfiguredNONE” SID type:

An example of a configuredUNRESTRICTED” SID type:



sc showsid healthservice

An example of an unconfiguredInactive” status:

An example of a configuredActive” status:



This wil hopefully point you in the right direction when verifying the Healthservice Service SID.