Microsoft KB Archive/294985

From BetaArchive Wiki
Knowledge Base


FIX: SQL Server Agent Proxy Account Not Cleaned Up When Instance Is Uninstalled

Article ID: 294985

Article Last Modified on 11/5/2003


APPLIES TO

  • Microsoft SQL Server 2000 Standard Edition


This article was previously published under Q294985

BUG #: 235060 (SHILOH_BUGS)

SYMPTOMS

SQL Server Agent proxy account information may not be cleared when a SQL Server instance is uninstalled. The instance can be either a default or a named instance of SQL Server.

For example, suppose that a SQL Server instance named "Instance1" creates a SQL Server Agent proxy account using the following command: 

EXEC master.dbo.xp_sqlagent_proxy_account N'SET',
             N'DOMAIN', 
             N'UserOne',
             N'PwdOne',

When Instance1 is uninstalled, the proxy account information should be eliminated, but is not. If SQL Server is reinstalled with the same name of Instance1, the proxy account that was set previously can still be used. If you then run the following command; 

EXEC master.dbo.xp_sqlagent_proxy_account N'GET'

the following proxy account information is returned: 

DOMAIN UserOne

This is the account that was set in the previous installation of Instance1.

RESOLUTION

To resolve this problem, obtain the latest service pack for SQL Server 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

290211 INF: How to Obtain the Latest SQL Server 2000 Service Pack


IMPORTANT: The service pack must be applied to each instance of SQL Server for which the proxy account needs to be cleared with uninstall.


STATUS

Microsoft has confirmed that this is a problem in SQL Server 2000. This problem was first corrected in SQL Server 2000 Service Pack 1.

MORE INFORMATION

SQL Server Agent proxy accounts allow SQL Server users who do not belong to the sysadmin fixed server role to execute xp_cmdshell commands and to own SQL Server Agent jobs. The administrators can assign appropriate security permissions to the proxy account to control the ability of these jobs to access resources in the network.

When a SQL Server user executes a command prompt command using xp_cmdshell, the command must execute in the security context of a Windows account. If the SQL Server user is a member of the sysadmin fixed server role, SQL Server executes the command prompt command using the Windows account under which the SQL Server service is running. If the SQL Server user executing xp_cmdshell is not a member of the sysadmin fixed server role, SQL Server executes the command using the Windows account specified as the SQL Server Agent proxy account. If no SQL Server Agent proxy account has been set, the user receives an error.

SQL Server Agent jobs also must execute in the security context of a Windows account. If the job is owned by a member of the sysadmin fixed server role, the job executes using the Windows account under which the SQL Server service is running. If the job owner is not in sysadmin, the job executes using the SQL Server Agent proxy account, and an error is raised if no proxy account has been set.


Additional query words: kbSQLServSearch, kbSQLServ2000Search, cleanup

Keywords: kbbug kbfix kbsqlserv2000sp1fix KB294985



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/294985&oldid=161334
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki