xp_regread()返回错误5,“访问被拒绝。”

时间:2015-04-18 02:37:35

标签: sql-server sql-server-2008-r2 ssms

我正在运行SQL Server复制数据库向导。

值得注意的是,运算符是NT AUTHORITY\SYSTEM,我认为应该有权运行它想要的任何内容。

我们如何为NT AUTHORITY\SYSTEM授予足够的权限?我已经尝试过了:

GRANT EXECUTE ON xp_regread TO public
GRANT EXECUTE ON xp_regread TO [NT AUTHORITY\SYSTEM]

运行以下内容表明它有效。

SELECT
grantee_principal.name AS [Grantee]
, prmssn.permission_name
FROM
sys.all_objects AS xproc
INNER JOIN sys.database_permissions AS prmssn ON prmssn.major_id=xproc.object_id AND prmssn.minor_id=0 AND prmssn.class=1
INNER JOIN sys.database_principals AS grantee_principal ON grantee_principal.principal_id = prmssn.grantee_principal_id
WHERE
(xproc.type='X')and(xproc.name=N'xp_regread' and SCHEMA_NAME(xproc.schema_id)=N'sys')

输出:

Grantee                     permission_name
public                      EXECUTE
NT AUTHORITY\SYSTEM         EXECUTE

发生以下错误:

  Event Name: OnError
 Message: An exception occurred while executing a Transact-SQL statement or batch.
StackTrace:    at Microsoft.SqlServer.Management.Common.ServerConnection.ExecuteReader(String sqlCommand, SqlCommand& command)
   at Microsoft.SqlServer.Management.Smo.ExecuteSql.GetDataReader(String query, SqlCommand& command)
   at Microsoft.SqlServer.Management.Smo.DataProvider.SetConnectionAndQuery(ExecuteSql execSql, String query)
   at Microsoft.SqlServer.Management.Smo.ExecuteSql.GetDataProvider(StringCollection query, Object con, StatementBuilder sb, RetriveMode rm)
   at Microsoft.SqlServer.Management.Smo.SqlObjectBase.FillData(ResultType resultType, StringCollection sql, Object connectionInfo, StatementBuilder sb)
   at Microsoft.SqlServer.Management.Smo.SqlObjectBase.FillDataWithUseFailure(SqlEnumResult sqlresult, ResultType resultType)
   at Microsoft.SqlServer.Management.Smo.SqlObjectBase.BuildResult(EnumResult result)
   at Microsoft.SqlServer.Management.Smo.SqlServer.GetData(EnumResult erParent)
   at Microsoft.SqlServer.Management.Sdk.Sfc.Environment.GetData()
   at Microsoft.SqlServer.Management.Sdk.Sfc.Environment.GetData(Request req, Object ci)
   at Microsoft.SqlServer.Management.Sdk.Sfc.Enumerator.GetData(Object connectionInfo, Request request)
   at Microsoft.SqlServer.Management.Smo.ExecutionManager.GetEnumeratorDataReader(Request req)
   at Microsoft.SqlServer.Management.Smo.SqlSmoObject.GetInitDataReader(String[] fields, OrderBy[] orderby)
   at Microsoft.SqlServer.Management.Smo.SqlSmoObject.ImplInitialize(String[] fields, OrderBy[] orderby)
   at Microsoft.SqlServer.Management.Smo.SqlSmoObject.Initialize(Boolean allProperties)
   at Microsoft.SqlServer.Management.Smo.SqlSmoObject.OnPropertyMissing(String propname, Boolean useDefaultValue)
   at Microsoft.SqlServer.Management.Smo.PropertyCollection.RetrieveProperty(Int32 index, Boolean useDefaultOnMissingValue)
   at Microsoft.SqlServer.Management.Smo.PropertyCollection.GetValueWithNullReplacement(String propertyName, Boolean throwOnNullValue, Boolean useDefaultOnMissingValue)
   at Microsoft.SqlServer.Management.Smo.Server.get_InstanceName()
   at Microsoft.SqlServer.Dts.Tasks.TransferObjectsTask.MappedLogin.RefreshData()
   at Microsoft.SqlServer.Dts.Tasks.TransferObjectsTask.MappedLogin.CheckDirty()
   at Microsoft.SqlServer.Dts.Tasks.TransferObjectsTask.TransferObjectsTask.GetDatabaseLogins()
   at Microsoft.SqlServer.Dts.Tasks.TransferObjectsTask.TransferObjectsTask.UpdateObjectsToCopy()
InnerException-->xp_regread() returned error 5, 'Access is denied.'
xp_regread() returned error 5, 'Access is denied.'
xp_regread() returned error 5, 'Access is denied.'
StackTrace:    at Microsoft.SqlServer.Management.Common.ConnectionManager.ExecuteTSql(ExecuteTSqlAction action, Object execObject, DataSet fillDataSet, Boolean catchException)
   at Microsoft.SqlServer.Management.Common.ServerConnection.ExecuteReader(String sqlCommand, SqlCommand& command)
 Operator: NT AUTHORITY\SYSTEM
 Source Name: SQLSERVER2008R2_Transfer Objects Task
 Source ID: {9D0562F4-FCC9-498D-A2A9-FC9E5F3B681B}
 Execution ID: {23FF505D-00D3-4F84-8B9D-D9EC962C78D2}
 Start Time: 2015-04-17 7:23:24 PM
 End Time: 2015-04-17 7:23:24 PM
 Data Code: 0

这是我们需要使用的工具,因为我们无法访问远程服务器,并且因为导入导出向导失败。

2 个答案:

答案 0 :(得分:2)

您可能需要将该帐户添加到sysadmin服务器角色,该角色允许成员执行每项活动。

对于2008r2,执行以下命令:

EXEC sp_addsrvrolemember 'NT AUTHORITY\SYSTEM', 'sysadmin';

答案 1 :(得分:1)

这是尝试从SQL Server更新注册表时遇到的常见错误,并且在较新的版本(例如SQL Server 2017)中存在一些奇怪且不明显的路径问题。

该错误不是由于SQL Server内的安全性引起的,而是Windows安全性与注册表项的权限有关的,而这些安全性与运行特定SQL Server进程的用户有关。

例如,要从SQL Server执行与MSSQL相关的注册表命令,系统组NETWORKSERVICE需要对相关注册表路径进行完全控制。这是因为SQL Agent(默认情况下)以该系统组中的用户身份运行。

对于SQL Server设置,注册表路径为: >>> boundarylist = [('eː', 'n'), ('a', 'k'), ('a', 's')] >>> ' '.join([''.join(w) for w in boundarylist]) 'eːn ak as' >>>

例如,SQL Server中将日志文件大小限制设置为1024 KB的命令如下:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server

还要注意上面的截断路径。实际的完整注册表路径(对于SQL2017)如下:

USE [master] GO EXEC xp_instance_regwrite N'HKEY_LOCAL_MACHINE', N'SOFTWARE\Microsoft\Microsoft SQL Server\MSSQLServer', N'ErrorLogSizeInKb', REG_DWORD, 1024 GO

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQLServer SQL Server命令自动将版本密钥插入路径。对于SQL Server 2017,该密钥为xp_instance_regwrite

相关问题
最新问题