Support

Granting adTempus access to a remote database when running under the Local System account

Article ID: K00000616
Last Updated: November 16, 2022

Applies To

adTempus 4
adTempus 5

Summary

This article describes how to grant adTempus access to a remote SQL Server database when adTempus is running under the Local System account.

Background

The adTempus service by default runs under the Local System account, and this is the preferred account for the service. Under this account, adTempus by default cannot connect to a remote SQL Server instance using integrated security (without a user ID and password). For adTempus to connect to the database without a user ID and password, you must add access to SQL Server for the Local System account on the adTempus computer, as described in the following section.

Configuring SQL Server

Note: This procedure is only necessary if adTempus is running on a different computer than SQL Server. If they are on the same computer, no further configuration is needed.

To grant adTempus access to a remote SQL Server, you must add a machine login to SQL Server. To do so, connect to SQL Server using SQL Server Management Studio or another management tool.

In the database script below, make the following replacements:

Change "domain" to the name of your domain.
Change "computername" to the name of the computer where the adTempus service is running. Be sure to leave the "$" after the name as shown below.
Change "databasename" to the name of the adTempus database.

use [master]
GO

if not exists (select * from master.dbo.syslogins where loginname = N'DOMAIN\COMPUTERNAME$')
CREATE LOGIN [DOMAIN\COMPUTERNAME$] FROM WINDOWS with DEFAULT_DATABASE=[DATABASENAME]
go

use [DATABASENAME]
GO

if not exists (select * from dbo.sysusers where name = N'DOMAIN\COMPUTERNAME$' and uid < 16382)
	CREATE USER [DOMAIN\COMPUTERNAME$] FOR LOGIN [DOMAIN\COMPUTERNAME$] WITH DEFAULT_SCHEMA=[dbo]
GO

exec sp_addrolemember N'db_backupoperator', N'DOMAIN\COMPUTERNAME$'
GO

exec sp_addrolemember N'db_datareader', N'DOMAIN\COMPUTERNAME$'
GO

exec sp_addrolemember N'db_datawriter', N'DOMAIN\COMPUTERNAME$'
GO

Run the modified script and make sure that all statements succeeded.

adTempus should now be able to connect to the database while running under the Local System account.

Other Versions

This article applies only to the version(s) of the software shown above under Applies To. Other versions of the article are available:

adTempus 3