Would you be able to point me toward a resource that might explain how that works?
You’d add the NT AUTHORITY\ANONYMOUS LOGON user to the users allowed to access the database. The machine must have an enabled guest account for it to work I believe.
Basically when authentication fails, that’s the last ditch attempt to connect.
Thanks! I’ll look into that and see if it’s an option we can implement instead of joining the scale set VMs to the domain.
Haven’t tried this in forever, not sure it still works as kerberos has shored up security quite a bit.
It will make the squ server free for all, so you’ll want a few strict network security rules on it.
Sounds like an option, but a very hard sell even for test environments (we’re in a highly regulated PHI business). I appreciate the advice so far - it’s been quite a bit more than what I hear MS gave us.
Calling net use \\targetserver /user:user@domain password /noprofile in a script step before might also do the trick, as that is persisted for the duration of the logon session.
May have to add /netonly
You could remind teh security folks that of you open up the agent to the database for any workload it runs, you’re basically allowing remote code execution against that sql db for anyone who can trigger or edit the pipeline anyway. This is what servicecontainers are for and why there is a containerized version of SQL server/
