Error 5133 - Access Denied When Creating SQLServer Database in Windows Directory

[vbamagician]

Issue

Encountered error 5133 (Access is denied) when attempting to create a database in the default SQL Server data directory C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER01\MSSQL\DATA.

Error Details

Directory lookup for the file "C:\Program Files\Microsoft SQL Server\MSSQL16.MSSQLSERVER01\MSSQL\DATA\YourDatabaseName.mdf" failed with the operating system error 5(Access is denied.). CREATE DATABASE failed. Some file names listed could not be created. Check related errors. (Microsoft SQL Server, Error: 5133)

Steps to Reproduce (if applicable)

1. Installed SQL Server on [Specify OS].
2. Attempted to create a new database using SQL Server Management Studio (SSMS).
3. Received error 5133 with "Access is denied" when specifying the default data directory.

Expected Behavior

• The database creation should succeed without permission issues when using the default SQL Server data directory.

Actual Behavior

• Encountered error 5133 with "Access is denied" during database creation.

Resolution

Ran SQL Server Management Studio (SSMS) as an administrator and successfully created the database. However, this is not a recommended practice due to potential security and organizational considerations.

System Information

• SQL Server Version: 2022
• Operating System: Windows 10

Suggested Improvements

1. Provide clearer error messages when encountering permission issues during database creation.
2. Update documentation to highlight best practices for user database file locations.
3. Evaluate and improve default directory permissions during SQL Server installation.

Feel free to adapt this template to your specific experience and system details. This template includes information about the encountered issue, steps to reproduce, expected and actual behavior, the resolution, system information, and suggested improvements.

[vbamagician]

Resolution

Upon encountering error 5133 with "Access is denied" during the database creation process, the following steps were taken to address the issue:

1. Run SQL Server Management Studio (SSMS) as Administrator:

   • SSMS was executed with elevated administrative privileges by right-clicking on the SSMS icon and selecting "Run as administrator."

2. Ensure SQL Server Service Account Permissions:

   • Following best practices, NTFS permissions were reviewed and modified to ensure that the SQL Server service account had the necessary access rights to the target directory. This involved the following steps:

     • Open Windows Explorer:

     • Navigated to the directory where the SQL Server database files were intended to be stored.

     • Right-Click on the Directory:

     • Right-clicked on the directory and selected "Properties" from the context menu.

     • Navigate to the "Security" Tab:

     • In the properties window, the "Security" tab was accessed to view the list of users and groups with associated permissions.

     • Add the SQL Server Service Account:

     • Clicked on the "Edit" or "Advanced" button to modify permissions.

     • The SQL Server service account (in the form of "NT SERVICE\MSSQLSERVER" or "DOMAIN\SQLServerServiceAccount") was added to ensure that the SQL Server process had the necessary permissions to read, write, and modify files within the directory.

     • Grant Permissions:

     • Granted the SQL Server service account the necessary permissions, including Full Control, Modify, Read & Execute, List Folder Contents, Read, and Write.

     • Apply the Changes:

     • Clicked "OK" or "Apply" to apply the changes to the permissions.

     • Confirm Changes:

     • After applying the changes, verified that the SQL Server service account had the desired permissions.

3. Successful Database Creation:

   • After ensuring appropriate NTFS permissions, attempted to create the database again. The database creation process was successful, and the error 5133 was resolved.

Significance of Adding the SQL Server Service Account

Adding the SQL Server service account to the directory's permissions is crucial because:

• Service Account Access: SQL Server uses a service account to run its processes. Adding this account ensures that SQL Server has the necessary permissions to read from and write to the specified directory.

• Operating System Interaction: SQL Server interacts with the operating system to create and manage database files. Granting permissions to the service account allows SQL Server to perform these file operations successfully.

• Database Creation: During the database creation process, SQL Server needs to create and manage files in the specified directory. Without proper permissions for the service account, the operating system raises an "Access is denied" error (error 5133).

Considerations and Recommendations

While modifying NTFS permissions addresses the immediate issue, it is essential to adhere to security best practices and organizational policies. Care should be taken to grant only necessary permissions to avoid potential security risks.

Next Steps

Consider moving the user database to a more suitable directory and continue following best practices for security, maintenance, and backup management.

System Information

• SQL Server Version: 2022
• Operating System: Windows 10