Jump to content

Monitoring Microsoft SQL Server with scripts

Recommended Posts

I'm starting to write scripts which does trivial things like get SQL Server error logs and job logs using the SMO .NET class.

My hurdle is that as a remote monitor runs in the NT AUTHORITY\SYSTEM context, in modern versions of SQL Server, the system does not have access to any of the SQL instances. 

I could give NT AUTHORITY\SYSTEM sysadmin role again, but it was removed by Microsoft as a default for a good security reason. How does or would anyone else tackle this? I'm now thinking of either:

  • (somehow) changing the security context of the service the agent runs as, although maybe this might break stuff? e.g. trying to access protected stuff which require UAC or something - turning UAC off isn't ideal
  • Use Scheduled Scripts and use the run as admin function(s) in the scripting engine so I can use admin credentials in the agent's Location, but this might also cause issues if UAC enabled

I haven't actually tested either of the above approaches. Figured I'd spark a conversation while I start testing.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...