Join Log in
Score:1
RonJohn avatar Server

Can't find NT SERVICE\MSSQLSERVER to give it Read privs on a cert

id flag
RonJohn

I've got SQL Server 2016 happily running under the default account NT SERVICE\MSSQLSERVER. Now, though, I need to give that pseudo-account read priv on a newly installed SSL Certificate.

The pseudo-account exists here:

Windows knows about it here...

But is not findable by the Add User dialog box in mmc when managing the cert:

but not here.

Is there a way to find it, or must I run SQL Server using an actual user account in this case?

2248
1 + 0
Score:1
Jevgenij Martynenko avatar Server
us flag
Jevgenij Martynenko

Use correct per-service SID to grant permissions and rights:

  • NT SERVICE\MSSQLSERVER
  • NT SERVICE\SQLSERVERAGENT

More information can be found here: https://learn.microsoft.com/en-us/sql/relational-databases/security/using-service-sids-to-grant-permissions-to-services-in-sql-server?view=sql-server-ver16

+ 4
RonJohn avatar
id flag
RonJohn
Maybe I misunderstand something, but my problem is with `mmc`, not SQL Server.
0
Reply
Jevgenij Martynenko avatar
us flag
Jevgenij Martynenko
Try putting `NT SERVICE\MSSQLSERVER` into "Object name" field. As per your screenshot you currently specified `MSSQLSERVER`
0
Reply
RonJohn avatar
id flag
RonJohn
`NT SERVICE\MSSQLSERVER` was the first thing I tried. Plain old `MSSQLSERVER` was the second...
0
Reply
Manu avatar
us flag
Manu
I can confirm J-Ms solution, which works on my 14.0.2047.8 standard edition.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.