Healthservice Service SID Type

Hi,

While visiting customers, I'm often asked how to configure RunAs accounts for the SQL Management Pack.
I love the new way using the Healthservice Service SID as Kevin Holman documented in his blog post over here: https://blogs.technet.microsoft.com/kevinholman/2016/08/25/sql-mp-run-as-accounts-no-longer-required-2/

I don't want to go over the configuration of his Management Pack again. I just want to show on how you can query the Healthservice SID setting.

 

Let's start:

 

We're using the SC.EXE tool to set the SID type for the Healthservice.
For more information on Windows Service Hardening, take a look over here: https://blogs.technet.microsoft.com/askperf/2008/02/03/ws2008-windows-service-hardening/

 

To set the SID type to unrestricted, we use the following command:
sc sidtype HealthService unrestrictedShowing the following output:

That's it, you can use the Service SID of the Healthservice as a logon in SQL Server

 

What the command does, is changing the value of the registry key: "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HealthService\ServiceSidType" to 1:

 

 

You can use the following commands to get more information of the Healthservice SID type setting:

 

sc qsidtype healthservice An example of an unconfigured "NONE" SID type:

An example of a configured "UNRESTRICTED" SID type:

 

 

sc showsid healthservice An example of an unconfigured "Inactive" status:

An example of a configured "Active" status:

 

 

This wil hopefully point you in the right direction when verifying the Healthservice Service SID.