Spotlight on SQL Server Enterprise 11.7

Chat now with support

Get Live Help
Complete Registration

Sign In

Request Pricing

Contact Sales

Spotlight on SQL Server Enterprise 11.7 - Release Notes

New Features Enhancements Deprecated Features Resolved Issues Known Issues System Requirements Product Licensing Upgrade and installation instructions More resources Globalization About us Copyright

2. Grant permissions to get information about services

Note: This is step 2 of the procedure for how to Configure WMI with minimum required user permissions.

Spotlight User is the windows user that will be used in the connection to the Windows server and/or Windows host of the database connection. For more information, see Configure | Connections.

Retrieve the user SID

From the Windows command prompt, type powershell and click Enter to open the Powershell.

Run the following command to retrieve the user SID of the Spotlight User. Replace domainName and userName with the domain name and user name for the Spotlight User account.

[wmi]"win32_useraccount.domain='domainName',name='userName'"

Retrieve the current SDDL for the Services Control Manager

From the Windows command prompt, run the following command to retrieve the current SDDL for the Services Control Manager. The SDDL is saved in the file called file.txt.

sc sdshow scmanager > file.txt

The SDDL looks something like this. For more information see Microsoft KB914392.

D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

Modify the SDDL

Copy the section of the SDDL that ends in IU (Interactive Users). This section is one complete bracketed clause ie (A;;CCLCRPRC;;;IU). Paste this clause directly after the clause you copied from.

In the new text, replace IU with the user SID of the Spotlight User.

The new SDDL looks something like the following:

D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU) (A;;CCLCRPRC;;;S-1-5-21-214A909598-1293495619-13Z157935-75714)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA) S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

Set the security credentials for accessing the Service Control Manager

The sdset command on sc sets the security credentials for accessing the Service Control Manager (scmanager). Note the permissions on scmanager are being replaced. Setting security credentials is not additive. That’s why we needed to copy the existing permissions.

sc sdset scmanager "D:(A;;CC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)(A;;CCLCRPRC;;;S-1-5-21-214A909598-1293495619-13Z157935-75714)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)"

Please select your product:

To serve you better, please complete the Purpose of your Chat:

Recommended Solutions for Your Problem