Microsoft KB Archive/171862

From BetaArchive Wiki
Knowledge Base


PRB: SQL Service Manager Shows Indeterminate for Non-Admin User

Article ID: 171862

Article Last Modified on 10/3/2003



APPLIES TO

  • Microsoft SQL Server 6.5 Standard Edition



This article was previously published under Q171862

SYMPTOMS

If a user is logged on to a Windows NT Server 4.0 computer running Microsoft SQL Server and the user is not logged on as an administrator, SQL Service Manager will show 'Service State Indeterminate' and not list any services. SQL Enterprise Manager and Control Panel Services will still show the current status of the MSSQLServer, SQLExecutive, and MSDTC services for a user who is not logged on as an administrator.

CAUSE

SQL Service Manager tries to read the registry for a list of services that it controls, using the machine name. It also uses the permissions of the user who is logged on to Windows NT. If the user who logged on to Windows NT is not an administrator, SQL Service Manager is not able to read the HKEY_LOCAL_MACHINE key on the <machine name>\SOFTWARE\Microsoft\MSSQLServer folder in the registry.

There is a new functionality in Windows NT 4.0 that provides a system administrator with the ability to secure remote registry access. The security on the following registry key dictates which users or groups can access the registry remotely:

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers
   \Winreg
                


In a default installation of Windows NT Workstation, this key does not exist. In a default installation of Windows NT Server, this key exists and grants administrators full control for remote registry operations. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

153183 How to Restrict Access to NT Registry from a Remote Computer


WORKAROUND

The following optional subkey defines specific paths into the registry that are allowed access, regardless of the security on the winreg registry key:

   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers
   \Winreg\AllowedPaths\Machine (entry of type REG_MULTI_SZ)
                


The AllowedPaths registry key contains multiple strings, which represent registry entries that can be read by Everyone. This allows specific system functions (such as checking printer status) to work correctly regardless of how access is restricted by the winreg registry key.

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall SQL Server. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

By adding an additional string "SOFTWARE\Microsoft\MSSQLServer\SQL Service Manager" to the Machine value, SQL Service Manager can then display the current state of the SQL Server services for non administrator users. Any changes to the above registry entries require a restart for the changes to take effect.


Additional query words: start stop rpc redirector

Keywords: kbenv kbprb KB171862