- Microsoft SQL Server 2012
Note After executing the script to add the login, you will need to restart the HealthService for the new settings to take effect. The display name for the HealthService is "System Center Management".
Security Enhancements (Database Engine)
The following table provides more information about the products or tools that automatically check for this condition on your instance of SQL Server and on the versions of the SQL Server product against which the rule is evaluated.
|Rule software||Rule title||Rule description||Product versions against which the rule is evaluated|
|System Center Advisor||SQL Server security configuration does not allow System Center Advisor to function properly||System Center Advisor agent connects to SQL Server and checks if the login used for the current connection has sysadmin role membership. Advisor generates an alert if it determines that the login used is not a member of the sysadmin role. This alert will be generated if neither the Local System nor the HealthService SID accounts are members of the sysadmin server role. Review the details that are provided in the “Information Collected” section of the advisor alert, and follow the resolution steps discussed in this article.||SQL Server 2012|
sc sidtype HealthService unrestrictedThis command creates an appropriate service SID for the SCOM service. Then, you open Microsoft SQL Management Studio (SSMS), connect to the SQL instance and run the following script:
USE [master]The script grants the service SID the required access to SQL Server.
/****** Add a login in SQL Server for the service SID of System Center Advisor HealthService ******/
CREATE LOGIN [NT SERVICE\HealthService]
WITH DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english]
/****** Add the HealthService Service SID login to the sysadmin server role ******/
ALTER SERVER ROLE [sysadmin]
ADD MEMBER [NT SERVICE\HealthService]
Article ID: 2667175 - Last Review: Jul 17, 2014 - Revision: 1