Hi,

I have set up an Active Directory, Certificate Services on Windows 2003
Server. I am running SQL 2000 Server. AD and Certificate Services were
installed correctly.

My goal is to be able to use SSL when connecting to SQL Server via Query
Analyzer. I also want to keep the SQL Server installation under a "Domain
User" account with as little privileges as possible.

My problem is that SQL Server will not start when "Domain User" is only a
"member of" "Users" group. It starts when I make "Domain User" a "member of"
"Administrators". It seems that the SSL "forced encryption" will only work
with "Administrator" privileges which is the total access to control the
server, and this is not safe.

Does it mean that SSL "forced encryption" will only work under a "Domain
User" that is a "member" of "Administrators"? Is there another "Group" with
limited privileges that I could assign the "Domain User" to?

How else could I have the SSL work and SQL server installation in a "Domain
User" account?

Thank you for your help.

How did you add the certificate on the SQL Server machine? If you use the
MMC snapin to create/add the certificate, macke sure you are logged in aas
the SQL Server startup account and create the certificate under the User
store not the computer store.

Rand
This posting is provided "as is" with no warranties and confers no rights.