cancel
Showing results for 
Search instead for 
Did you mean: 

HADhelper permissions 5.1 sp2 x64

lee_foster1
Level 3
Employee

 

 I a currently working with a customer implementing HA/DR for SQL 2008 and EV9. 


The  customer needs to know why the VCS hadhelper account requires the following permissions


SECTION 2 - Required Rights

The account that is used by the HadHelper service must have the following rights:

1. Act as part of the operating system
2. Back up files and directories
3. Adjust memory quotas for a process
4. Increase scheduling priority
5. Restore files and directories
6. Log on as a service
7. Add workstations to Domain (this is available by default to all Authenticated Users)


Ideally they need to know why each of these is required and are even prepared to log a support case/escalation to PM to gain a detailed understanding. 


Any input here would be very much appreciated. 


best regards


Lee 
1 ACCEPTED SOLUTION

Accepted Solutions

Wally_Heim
Level 6
Employee

Hi Lee,

Without these permissions, the Lanman resource will not be able to online with the default settings needed by SQL to perform some operations correctly.  Most these operations have to do with multiple SQL server environments but I cannot say exactly what in SQL will not work if these permissions are not provided to the HADHelper service account.

Here is a basic run down on why these are needed.  The HADHelper service account uses these permissions with the Lanman resource to perform DNS and AD updates that allow the virtual server to perform security related authentication such as Kerberos that SQL requires to do certain SQL to SQL and SQL to MSDTC operations.

 

Thanks,

Wally

 

 

View solution in original post

2 REPLIES 2

g_lee
Level 6

https://www-secure.symantec.com/connect/forums/vcs-hadhelper-permissions-requirement-validation

Wally_Heim
Level 6
Employee

Hi Lee,

Without these permissions, the Lanman resource will not be able to online with the default settings needed by SQL to perform some operations correctly.  Most these operations have to do with multiple SQL server environments but I cannot say exactly what in SQL will not work if these permissions are not provided to the HADHelper service account.

Here is a basic run down on why these are needed.  The HADHelper service account uses these permissions with the Lanman resource to perform DNS and AD updates that allow the virtual server to perform security related authentication such as Kerberos that SQL requires to do certain SQL to SQL and SQL to MSDTC operations.

 

Thanks,

Wally