Created
February 1, 2018 13:27
-
-
Save AshFlaw/ea9ec4a0f0c0e69ed62683ee802045b3 to your computer and use it in GitHub Desktop.
# Set SQL 2016 SSIS Service Account DCOM Permissions on Windows Server 2012 R2 Core
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
$ServiceName = "MsDtsServer130" #SQL 2016 SSIS Service Name | |
$SSIS_Service = Get-WmiObject win32_service | where-object {$_.Name -eq $ServiceName} | |
If ($SSIS_Service -ne $null) | |
{ | |
$SSIS_AppDesc = "Microsoft " + (Get-Service $ServiceName).DisplayName # Add the prefix which is not present in the service description | |
$SSISAccount = $SSIS_Service.StartName.Split("\") | |
$user = $SSISAccount[1] | |
$domain = $SSISAccount[0] | |
$appdesc = $SSIS_AppDesc | |
$app = get-wmiobject -query ('SELECT * FROM Win32_DCOMApplicationSetting WHERE Description = "' + $appdesc + '"') -enableallprivileges | |
$appid = $app.appid | |
$app = get-wmiobject -query ('SELECT * FROM Win32_DCOMApplicationSetting WHERE AppId = "' + $appid + '"') -enableallprivileges | |
$sdRes = $app.GetLaunchSecurityDescriptor() | |
$sd = $sdRes.Descriptor | |
$trustee = ([wmiclass] 'Win32_Trustee').CreateInstance() | |
$trustee.Domain = $domain | |
$trustee.Name = $user | |
$localLaunchActivate = 11 | |
$ace = ([wmiclass] 'Win32_ACE').CreateInstance() | |
$ace.AccessMask = $localLaunchActivate | |
$ace.AceFlags = 0 | |
$ace.AceType = 0 | |
$ace.Trustee = $trustee | |
[System.Management.ManagementBaseObject[]] $newDACL = $sd.DACL + @($ace) | |
$sd.DACL = $newDACL | |
$app.SetLaunchSecurityDescriptor($sd) | |
} | |
Else | |
{ | |
Write-Output "$ServiceName not found." | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment