Kaspersky Security Center 14

Configuring accounts for work with SQL Server (Windows authentication)

February 19, 2024

ID 240593

Prerequisites

Before you assign rights to the accounts, perform the following actions:

  1. Make sure that you log in to the system under the local administrator account.
  2. Install an environment for working with SQL Server.
  3. Make sure that you have a Windows account under which you will install Administration Server.
  4. Make sure that you have a Windows account under which you will start the Administration Server service.
  5. On SQL Server, create a login for the Windows account used to run the Administration Server installer (hereinafter also referred to as the installer). Also, create a login for the Windows account used to start the Administration Server service.

If you use SQL Server Management Studio, on the General page of the login properties window, select the Windows Authentication option.

If you want to install Administration Server and SQL Server on devices that are located in separate Windows domains, note that these domains must have two-way trust relationships to ensure the correct operation of Administration Server, including running tasks and applying policies. For information about the required accounts for work with various DBMSs and accounts' rights, see Accounts for work with the DBMS.

Configuring the accounts to install Administration Server (automatic creation of the Administration Server database)

To configure the accounts for the Administration Server installation:

  1. On SQL Server, assign the sysadmin server-level role to the login of the Windows account used to run the installer.
  2. Log in to the system under the Windows account used to run the installer.
  3. Run the Administration Server installer.

    The Administration Server Setup wizard starts. Follow the instructions of the wizard.

  4. Select the custom installation of Administration Server option.
  5. Select the Microsoft SQL Server as a DBMS that stores the Administration Server database.
  6. Select the Microsoft Windows Authentication mode to establish a connection between Administration Server and SQL Server through a Windows account.
  7. Specify the Windows account used to start the Administration Server service.

    You can select the Windows user account for which you created an SQL Server login earlier. Alternatively, you can automatically create a new Windows account in the KL-AK-* format by using the installer. In this case, the installer automatically creates an SQL Server login for this account. Regardless of the account choice, the installer assigns the required system rights and SQL Server rights to the Administration Server service account.

After the installation finishes, the Server database is created, and all the required system rights and SQL Server rights are assigned to the Administration Server service account. Administration Server is ready to use.

Configuring the accounts to install Administration Server (manual creation of the Administration Server database)

To configure the accounts for the Administration Server installation:

  1. On SQL Server, create an empty database. This database will be used as an Administration Server database (hereinafter also referred to as a Server database).
  2. For both SQL Server logins created for the Windows accounts, specify the public server-level role, and then configure the mapping to the created database:
    • Server-level role: public
    • Database role membership: db_owner, public
    • Default schema: dbo
  3. Log in to the system under the Windows account used to run the installer.
  4. Run the Administration Server installer.

    The Administration Server Setup wizard starts. Follow the instructions of the wizard.

  5. Select the custom installation of Administration Server option.
  6. Select the Microsoft SQL Server as a DBMS that stores the Administration Server database.
  7. Specify the name of the created database as the Administration Server database name.
  8. Select the Microsoft Windows Authentication mode to establish a connection between Administration Server and SQL Server through a Windows account.
  9. Specify the Windows account used to start the Administration Server service.

    You can select the Windows user account for which you created an SQL Server login and configured the login rights earlier.

We do not recommend that you automatically create a new Windows account in the KL-AK-* format. In this case, the installer creates a new Windows account for which you have not created and configured an SQL Server account. Administration Server cannot use this account to start the Administration Server service. If it is necessary to create a KL-AK-* Windows account, do not start Administration Console after the installation. Do the following, instead:

  1. Stop the kladminserver service.
  2. On SQL Server, create an SQL Server login for the created KL-AK-* Windows account.
  3. Grant the rights to this SQL Server login and configure the mapping to the created database:
    • Server-level role: public
    • Database role membership: db_owner, public
    • Default schema: dbo
  4. Restart the kladminserver service, and then run the Administration console.

After the installation finishes, the Administration Server will use the created database to store the Server data. Administration Server is ready to use.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.