Hi,
I tried to backup the master key by the following syntax :
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'mypassword'
BACKUP MASTER KEY TO FILE = 'c:\temp\master' ENCRYPTION BY PASSWORD = 'mypassword'
but it failed and i got the following message:
Cannot write into file 'c:\temp\master'. Verify that you have write permissions, that the file path is valid, and that the file does not already exist.
NB: I am using the "sa" user to execute this command.
I know that we have a security permission issue , but where and how ?
Regards,
Tarek Ghazali
SQL Server MVP
In this case the permissions check are done by Windows to verify that the SQL Server service account has access to create the file. Most likely you are running SQL Server using a low privileged domain account (which is highly recommended). To check the name of the service account being used, you can use SQL Server Configuration Manager (SCM).
Rather than granting permissions directly to this service account on local Windows resources, you can grant the permissions to the corresponding Windows group that SQL Server 2005 setup created for you. You can find the name of this group in the local users and groups management tool in Windows (Computer Management tool).
The name for the SQL Server 2005 groups should be based on the following pattern:
SQLServer2005MSSQLUser$<<Server_name>>$<<Instance_name >>
For example: SQLServer2005MSSQLUser$MY_SERVER$MSSQLSERVER
Once you have found the name for the service account group, you can grant the proper permissions on Windows resources (such as write permissions on folders or read permissions on files you need to import).
I hope this information will help you,
-Raul Garcia
SDE/T
SQL Server Engine
|||Hi Raul,
first Thanks for your reply.
I tried that also but it didn't work,
Any other idea ?
Thanks,
Tarek Ghazali
SQL Server MVP
Web site: www.sqlmvp.com
|||I forgot another reason why backup may fail: the backup operations for keys won’t replace any files, make sure the file name is unique. Let me know if changing the name of the file worked.
BTW. If you create backups of your master keys on a regular schedule and regenerate the keys (which is highly recommended), it is a good idea to keep an archive of your old keys (protected in a safe place) in case you need to access data from some old backup.
Thanks,
-Raul Garcia
SDE/T
SQL Server Engine
No comments:
Post a Comment