NAS permissions for backup
Jay
Posted: Tuesday, October 16, 2007 8:15:04 AM


Rank: Guest
Groups: Guest

Joined: 9/17/2007
Posts: 11,670
Points: -1,200
Date parsed: 16/10/2007 08:15:04
Date: Tue, 16 Oct 2007 15:15:04 -0700

SQL Server 2000 (and a couple 2005's)

We're setting up backups to a NAS server (early stages) and have hit a snag
with permissions. For security reasons, not all servers are in the domain
and the UNC to the SAN is not wide open.

I'm currently executing backups from the SQL Server 'sa' account, but can't
figure out what its ID is in Windows. I think that is what I would need to
grant permissions to the SAN.

The only way I can think of to do this is to create an admin account local
to each machine (and in the local sql server) with sysadmin permissions and
then grant that domain\user permissions on the SAN, one-by-one. Seems kinda
kludgie and I would rather continue to use sa for backups.

Thanks,
Jay


Geoff N. Hiten
Posted: Tuesday, October 16, 2007 5:00:23 PM


Date: Tue, 16 Oct 2007 21:00:23 -0400

HowTo: Backup to UNC name using Database Maintenance Wizard
http://support.microsoft.com/kb/555128

Resolution section details permissions required.

--
Geoff N. Hiten
Senior SQL Infrastructure Consultant
Microsoft SQL Server MVP



"Jay" <nospan@nospam.org> wrote in message
news:ejniBIEEIHA.5980@TK2MSFTNGP04.phx.gbl...
> SQL Server 2000 (and a couple 2005's)
>
> We're setting up backups to a NAS server (early stages) and have hit a
> snag with permissions. For security reasons, not all servers are in the
> domain and the UNC to the SAN is not wide open.
>
> I'm currently executing backups from the SQL Server 'sa' account, but
> can't figure out what its ID is in Windows. I think that is what I would
> need to grant permissions to the SAN.
>
> The only way I can think of to do this is to create an admin account local
> to each machine (and in the local sql server) with sysadmin permissions
> and then grant that domain\user permissions on the SAN, one-by-one. Seems
> kinda kludgie and I would rather continue to use sa for backups.
>
> Thanks,
> Jay
>

Jay
Posted: Thursday, October 18, 2007 12:12:30 AM


Date: Thu, 18 Oct 2007 07:12:30 -0700

Thanks Geoff.

One curiosity, the server I went for the initial test on was not part of the
domain, hence I couldn't use a domain account. The Windows admin handed me a
DOS "net use" command to embed in the procedure, which allowed access to the
UNC.

Now it does have the login/password embedded in the command, which I don't
like, but I am still working on it.

When I went to test some error conditions, I commented out the "net use" and
to my surprise, it still worked. So, I closed the QA session and relaunched
it (EM was still running). It still worked.

I'm wondering if I can put that net use in a separate proc and run it at
system startup, or maybe do something else to hide it and call it from the
backup program.

Jay

"Geoff N. Hiten" <SQLCraftsman@gmail.com> wrote in message
news:uVk$ZkFEIHA.5752@TK2MSFTNGP02.phx.gbl...
> HowTo: Backup to UNC name using Database Maintenance Wizard
> http://support.microsoft.com/kb/555128
>
> Resolution section details permissions required.
>
> --
> Geoff N. Hiten
> Senior SQL Infrastructure Consultant
> Microsoft SQL Server MVP
>
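
An added example, not part of the original posts: a small Python check that scans procedure source for "net use" commands carrying an inline password, including commented-out copies like the one in the test described above. It assumes the command is run through xp_cmdshell; the procedure name, server, share, account and password in the sample are constructed.

```python
import re

# "net use" up to the closing quote of the T-SQL string literal or end of line.
NET_USE = re.compile(r"net\s+use\b([^'\r\n]*)", re.IGNORECASE)

def audit_net_use(sql_text):
    """Report each 'net use' in T-SQL source without echoing any password."""
    findings = []
    for lineno, line in enumerate(sql_text.splitlines(), start=1):
        match = NET_USE.search(line)
        if match is None:
            continue
        share = user = None
        has_password = False
        for token in match.group(1).split():
            if token.startswith("/"):
                if token.lower().startswith("/user:"):
                    user = token[6:]
            elif token.startswith("\\\\"):
                share = token
            elif share is not None and token != "*":
                # A positional argument after the UNC path is the password;
                # "*" means prompt, so nothing is stored in the source.
                has_password = True
        findings.append({
            "line": lineno,
            "share": share,
            "user": user,
            "has_password": has_password,
            # A commented-out command still leaves the secret readable in the
            # stored procedure text (syscomments / sys.sql_modules).
            "commented_out": line[:match.start()].lstrip().startswith("--"),
        })
    return findings

# Constructed sample procedure body; every name and the password are made up.
SAMPLE_PROC = r"""
CREATE PROCEDURE dbo.usp_backup_to_nas AS
EXEC master..xp_cmdshell 'net use \\nas01\sqlbackup Example-Pw1 /user:nas01\sqlbackup'
-- EXEC master..xp_cmdshell 'net use \\nas01\sqlbackup Example-Pw1 /user:nas01\sqlbackup'
EXEC master..xp_cmdshell 'net use \\nas01\sqlbackup * /user:nas01\sqlbackup'
EXEC master..xp_cmdshell 'net use \\nas01\sqlbackup /delete'
BACKUP DATABASE pubs TO DISK = '\\nas01\sqlbackup\pubs.bak'
"""

if __name__ == "__main__":
    for finding in audit_net_use(SAMPLE_PROC):
        print(finding)
```

Findings with has_password set are the ones to move out of procedure text; the commented_out flag marks copies that no longer run but still disclose the credential to anyone who can read the procedure.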


Jay
Posted: Thursday, October 18, 2007 4:45:23 AM


Date: Thu, 18 Oct 2007 11:45:23 -0700

The only problem is: what you suggested won't work at all. The number one
requirement was that the account must be a domain account. Kinda hard to do
when the machine isn't on the domain.

And before you respond, the machine was taken off the domain because of
security issues.

.... unless it's possible to create a second domain where both have access to
the NAS?


"Geoff N. Hiten" <SQLCraftsman@gmail.com> wrote in message
news:%23S$yjHbEIHA.4880@TK2MSFTNGP03.phx.gbl...
> This is probably credential caching. I wouldn't bet on it always working,
> but feel free to experiment. I wrote what works every time. Mapped
> drives work some of the time and don't work some of the time so I avoid
> using them.
>
> --
> Geoff N. Hiten
> Senior SQL Infrastructure Consultant
> Microsoft SQL Server MVP


Geoff N. Hiten
Posted: Thursday, October 18, 2007 10:08:30 AM


Date: Thu, 18 Oct 2007 14:08:30 -0400

This is probably credential caching. I wouldn't bet on it always working,
but feel free to experiment. I wrote what works every time. Mapped drives
work some of the time and don't work some of the time so I avoid using them.

--
Geoff N. Hiten
Senior SQL Infrastructure Consultant
Microsoft SQL Server MVP


"Jay" <spam@nospam.org> wrote in message
news:eDPxqDZEIHA.5044@TK2MSFTNGP03.phx.gbl...
> Thanks Geoff.
>
> One curiosity, the server I went for the initial test on was not part of
> the domain, hence I couldn't use a domain account. The Windows admin
> handed me a DOS "net use" command to embed in the procedure, which allowed
> access to the UNC.
>
> Now it does have the login/password embedded in the command, which I don't
> like, but I am still working on it.
>
> When I went to test some error conditions, I commented out the "net use"
> and to my surprise, it still worked. So, I closed the QA session and
> relaunched it (EM was still running). It still worked.
>
> I'm wondering if I can put that net use in a separate proc and run it at
> system startup, or maybe do something else to hide it and call it from the
> backup program.
>
> Jay

Geoff N. Hiten
Posted: Thursday, October 18, 2007 11:59:06 AM


Date: Thu, 18 Oct 2007 15:59:06 -0400

This setup can work across domain boundaries if there is a trust
relationship in place. The NAS box must be in a resource domain relative to
the SQL server.

--
Geoff N. Hiten
Senior SQL Infrastructure Consultant
Microsoft SQL Server MVP


"Jay" <spam@nospam.org> wrote in message
news:eLtFJcbEIHA.1208@TK2MSFTNGP03.phx.gbl...
> The only problem is: what you suggested won't work at all. The number one
> requirement was that the account must be a domain account. Kinda hard to do
> when the machine isn't on the domain.
>
> And before you respond, the machine was taken off the domain because of
> security issues.
>
> ... unless it's possible to create a second domain where both have access
> to the NAS?
