SQL Server Performance Forum – Threads Archive
SQL Server Backup Login failed for user ‘NT AUTHORHello, I am getting an errror message when I do backups to an alternate machine. I have not been
getting this error message until I added one more user to the folder. I don’t know
what happened but something did happen. 2003-09-03 14:21:35.63 logon Login failed for user ‘NT AUTHORITYSYSTEM’.
2003-09-03 14:22:47.12 logon Login failed for user ‘NT AUTHORITYSYSTEM’.
2003-09-03 14:24:20.98 logon Login failed for user ‘NT AUTHORITYSYSTEM’.
2003-09-03 14:24:39.90 logon Login failed for user ‘NT AUTHORITYSYSTEM’ I don’t have the BuiltInAdministrators message because I removed that when we first set up the server. The backups were working fine even without this group. I checked the startup accounts for both SQL Server and SQL Server Agent services but they are set to the same user account as the account for backup jobs. That account is a domain admin account. I was researching on the internet and saw some recommendations about recreating the "BuiltInAdministrators" account. First question, does anybody know how to recreate this. Second question, why did it work fine without it and then now all of a sudden it is giving me problems? Thanks and appreciate all your help, Raj Raj Antony V
Do not post multiple(duplicate) posts, followuphttp://www.sql-server-performance.com/forum/topic.asp?TOPIC_ID=1576 here. _________
You can recreate this account by choosing ‘Windows Authentication’ while creating a new login through EM and selecting your server name as Domain.
Click on the browse button next to ‘Name’ and select the administrators group. This will show the login as <server name>/administrators which is equialent to ‘Builtin/administrators’. You can also type ‘Builtin’ at the Domain field instead of your server name to get the login name exactly as you are looking for.
I have locked other thread being another response is posted by Chakri.
Create another account with SYSADMIN Privileges on SQL and ADMIN privileges on OS and restart the SQL services. _________
If you remove the BUILTINAdministrators account make sure to add the account SQL Agent is using as sysadmin and also add the [NT AUTHORITYSYSTEM] account as sysadmin. See the following article for details:
Also if you are backing up to a remote machine you can not be running SQL Server as local system account. You need to run it as a domain account or it can not be granted access to the file share on the remote machine. /Argyle
by the way using a domain admin account to run SQLServer and SQLAgent is not a good idea from a security point of view… A compromised SQLServer means a compromised domain… Cheers
True, but for the housekeeping jobs that involved over the network is required domain account with admin privileges. _________
yes you need a domain account with suitable drive/file permissions and SQL sysadmin permission ,no you do not need NT local or domain admin privileges… It is one of the most common security holes left in SQL installations… Cheers
Well I mean to say if the service account required to replace permission then UPDATE privilege is required. In few instances FULL PERMISSION privileges is must and should. I agree and security fixes are available to patch-up those holes. _________