Configure the SQL Server Account Used By Meridian
Meridian can use either a Windows account or a SQL Server account to access SQL Server. This account will apply to all vaults using SQL Server.
SQL Server must be configured with the Mixed Security or Standard Security modes to use a SQL Server account.
Configure the type of account used by Meridian
The type of account used by Meridian is controlled by the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Cyco\AutoManager Meridian\CurrentVersion\Installed DataStores\MSSQL_<ServerName>_WindowsAuthenticationMode
Where <ServerName> is the name of the computer running SQL Server. If the value of MSSQL_<ServerName>_WindowsAuthenticationMode is 1, then the account must be a local or domain user account (for example, DOMAIN\Administrator). If MSSQL_<ServerName>_WindowsAuthenticationMode is 0 (default), the account name must be a SQL Server account (for example, sa).
By default, Meridian will attempt to access SQL Server using the SQL Server account name sa and assumes no password is set for the account. Depending on which type of account you want to use, different methods are required to change the account and its password.
SQL Server credentials cannot be set with the Account property and Set Password button present in the EDM Server Properties dialog in the Meridian Enterprise Administrator as described in Configure the Windows Account Used By Meridian.
To configure a Windows account name to be used by Meridian to access SQL Server, see Configure the Windows Account Used By Meridian. To configure a SQL Server account name to be used by Meridian to access SQL Server, modify or create (if necessary) registry values in the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Cyco\AutoManager Meridian\CurrentVersion\Installed DataStores
The values are described in the following table:
Value | Type | Description |
---|---|---|
MSSQL_<ServerName>_ |
DWORD |
If this value is 1, then the account must be a local or domain user account. If this value is 0 (default), the account name must be a SQL Server account. |
MSSQL_<ServerName>_ |
STRING |
Account name to access SQL Server. Must be of the account type specified by MSSQL_<ServerName>_WindowsAuthenticationMode. |
MSSQL_<ServerName>_ |
BINARY |
Password for the account specified by MSSQL_<ServerName>_AccountName. |
Formatting the registry values
Review the following notes about formatting the registry values:
-
If SQL Server is located on the Meridian application server, <ServerName> may be omitted, so the values look like: MSSQL__WindowsAuthenticationMode, MSSQL__AccountName, and MSSQL__Password.
-
When <ServerName> is omitted, the value names must still contain two underscores.
-
The value of <ServerName> may be specified in any format accepted by SQL Server, for example, MyServer, \\MyServer, .\MyInstance, or tcp:MyServer\MyInstance,1433.
-
When no vaults yet exist on a separate SQL Server computer, the sa account must be used to create the initial vault. If the sa account has been deleted by a System Administrator to comply with your organization's security policy, the easiest way to create the initial vault is to temporarily create the sa account (with no password) on both the SQL Server computer and the EDM Server computer until after the initial vault has been created and then the account name changed and the sa account deleted again.
-
The value for MSSQL_<ServerName>_Password can be either a binary value (default) or a plain-text string value. You can secure a plain-text password by applying permissions to the Installed DataStores key with Registry Editor. Be aware that the account that the AutoManager EDM Server service is running under (SYSTEM, by default) must have full access to this value.