Resolution
How do I Configure VigilEnt Security Agent (VSA) for SQL Server to use Microsoft Windows Authentication?
fact
VigilEnt Security Agent for Microsoft SQL Server 1.0 SP3
fix
VigilEnt Security Agent (VSA) for Microsoft SQL Server uses a database account to access the Microsoft SQL Server database. This service pack allows you to configure VSA for Microsoft SQL Server to use a Microsoft Windows authenticated account to access the database.
To implement this feature, you need to specify NetIEServiceAccount as the user name when you register the Microsoft SQL Server database with VSA for Microsoft SQL Server. This user name directs VSA for Microsoft SQL Server to use Microsoft Windows authentication. VSA for Microsoft SQL Server then connects to the Microsoft SQL Server database using the account currently running the agent service.
The Microsoft Windows account running the agent service must have the correct permissions both in Microsoft Windows and within the database. You must set these permissions for the account, and then configure the agent to use this account.
To configure VSA for Microsoft SQL Server to use Microsoft Windows authentication:
- Create a Microsoft Windows account with the following permissions:
- Logon as a service permission.
- Permission to write to the Windows registry.
- Appropriate permissions to the data within the SQL Server database:
- Access to the master database.
- Select on syslogins in the master database.
- Select on sysdatabases in the master database .
- Select on sysconfigures in the master database .
- Select on sysprocesses in the master database .
- Execute on xp_logininfo in the master database .
- Execute on xp_loginconfig in the master database .
- Access to the msdb database .
- Select on sysdtspackages in the msdb database .
- Select on backupset in the msdb database .
- Select on mswebtasks in the msdb database .
- Select on sysjobs in the msdb database .
- Select on sysjobsteps in the msdb database .
- Select on sysjobhistory in the msdb database .
- To view some reports, the account also needs the System Administrator role. These reports access the password column of the sysxlogins table in the master database.
- Stop the VSA for Microsoft SQL Server agent service.
- Configure the service to use the Microsoft Windows account you created. You can specify the account for the service to use in the Services application in Administrative Tools. For more information about the Services application, see the Windows Help.
- Start the VSA for Microsoft SQL Server agent service.
- Run VSM DB Agent Console to register each Microsoft SQL Server database with VSA for Microsoft SQL Server and specify NetIQServiceAccount as the user name. You need to specify a dummy password to complete the registration, but since VSA for Microsoft SQL Server will use the account you defined in Microsoft Windows, this password is not used. If you have a large number of databases to register, see the VigilEnt Security Agent for Microsoft SQL Server Installation Guide or contact Technical Support for information about using the Configuration Wizard.
note
In the future, you may want to change the Microsoft Windows account used by the service. To change which Microsoft Windows account the service uses, start the Services application in Administrative Tools. Then, specify the new account in the Log on as property for the agent service, and specify the password information. You also then need to stop and restart the service. For more information about the Services application and working with services, see the Windows Help.