(imported topic written by SystemAdmin)
I’m curious how people are configuring their MS SQL Servers and fixlets to avoid authentication issues with patches. For example, when we try to install MS12-027 (id 1202709) we get the following error in the SQL logs.
1.203: SQL DLL: User authentication failed 1.203: SQL DLL: Login failed
for user
'NT AUTHORITY\SYSTEM'. 1.203: SQL DLL: Error, authentication checks have failed
for one or more product instances, aborting install
Using our current tool, the patch is installed using a local Administrator account . My DB group has already said that configuring access for the SYSTEM account is not something they would do in production.
I’ve seen some threads that suggest using ‘runas’ or ‘at’ scheduler but they seem insecure and kludgey