Refer to Ken's improvement on my answer to your question (actually, he
answered it, I didn't - shame on me). For INSTALLATION the account needs
dbcreator and dbo.
AFAIK, the SQL MP only uses (by default) the action.account. Can I ask why
you aren't going with "Local System"?
If your action.account doesn't have sufficient privilege, you are going to
be using lots of Run As Profiles for all your monitoring. Depending on the
size of your environment, that can be very painful.
You can configure the SQL MP to use separate accounts (via Run As Profiles)
for both monitoring and for discovery, but the configuration is somewhat
painful if you are looking for a low-privilege environment. I don't know how
paranoid.uh, secure. your SQL guys are, but OpsMgr works best with 'sa'
level permissions in my experience. Specific details on the requirements are
defined in the document OM2007_MP_SQLSrvr.doc which should be located in the
SQL Server MP folder off the default management pack directory on your
OpsMgr server ("C:\Program Files\System Center Management Packs\SQL Server
System Center Operations Manager 2007 MP" on mine).
From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Thursday, March 05, 2009 4:49 PM
To: NT System Admin Issues
Subject: RE: SCOM 2007 install issue
Michael,
Thanks for the direct reply. Unfortunately I just purchased the Unleashed
book or I'd take you up on that. J
I'll see if our DBA group will agree to give my account SA for the install.
Can you clarify a few more points on that?
1. After the install I'm assuming that my account can be removed and
will no longer require SA?
2. During the install I'm specifying domain accounts for the following
2 components. After the install what SQL roles/permissions do these accounts
need:
Management Server Action account
SDK and Configuration Service account
I appreciate your help with this.
Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003
_____
From: Michael B. Smith [mailto:mich...@theessentialexchange.com]
Sent: Thursday, March 05, 2009 4:12 PM
To: NT System Admin Issues
Subject: RE: SCOM 2007 install issue
Yes. You need sa, unfortunately.
<shameless plug>
You can read my book for some additional details (I've got two chapters on
installing OpsMgr and a chapter on SQL Monitoring).
</shameless plug>
In general, the install and the management pack do so much more than just
deal with the OperationsManager database itself, that it requires additional
privileges. There are some folks who have tried to cut that back and assign
granular permissions, but it tends to reduce the efficacy of the MP.
Regards,
Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP
My blog: http://TheEssentialExchange.com/blogs/michael
Monitoring Exchange w/OpsMgr now available <http://snurl.com/45ppf>
http://snurl.com/45ppf
From: Christopher Bodnar [mailto:christopher_bod...@glic.com]
Sent: Thursday, March 05, 2009 3:28 PM
To: NT System Admin Issues
Subject: SCOM 2007 install issue
Anyone do the single server install of SCOM 2007? Specifically I was
wondering what SQL 2005 permissions the account that is installing needs
within SQL. Our DBA group did the SQL install and gave my account the
dbcreator and public roles within SQL. That does not seem to be enough for
the install. Getting the 25154 error with error code -2147217900. I've
Googled this and found some hits but none specifically in regards to SQL
permissions.
I have read through the Deployment guide and the Design guide, and cant'
find a specific mention of this. I'm guessing if they give me sysadmin it
will work.
I'll post this over on MyITforum, but thought I might get a quicker response
here.
Thanks
Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
Email: christopher_bod...@glic.com
Phone: 610-807-6459
Fax: 610-807-6003
_____
This message, and any attachments to it, may contain information that is
privileged, confidential, and exempt from disclosure under applicable law.
If the reader of this message is not the intended recipient, you are
notified that any use, dissemination, distribution, copying, or
communication of this message is strictly prohibited. If you have received
this message in error, please notify the sender immediately by return e-mail
and delete the message and any attachments. Thank you.
_____
This message, and any attachments to it, may contain information that is
privileged, confidential, and exempt from disclosure under applicable law.
If the reader of this message is not the intended recipient, you are
notified that any use, dissemination, distribution, copying, or
communication of this message is strictly prohibited. If you have received
this message in error, please notify the sender immediately by return e-mail
and delete the message and any attachments. Thank you.
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
