Installing and Setting Up Microsoft SQL Server Express

About this task

This section provides information for administrators with limited experience with Microsoft SQL Server. The following steps assume you do not have Microsoft SQL Server installed and guides you through downloading and configuring the free Microsoft SQL Server Express edition.

Tip: Install Microsoft SQL Server on a separate server or VM for best performance.

Downloading and Installing Microsoft SQL Server Express and Microsoft SQL Server Management Studio

Before you begin

  • Decide where to install Microsoft SQL Server.
  • Note the connection string as it appears in the installation process. You need it later when installing SOTI Connect.
Important: Close Windows Services and Task Manager applications before installing.

Procedure

  1. Download Microsoft SQL Server 2019 Express to your local machine.
    Note: If you encounter installation issues, update Windows and reboot. Repeat updating and rebooting until there are no more updates to install.
    Note: You may need to restart Microsoft SQL Server multiple times during the installation process for security changes to take effect.
  2. Run the Microsoft SQL Server Express installer .exe file on your local machine.
  3. Select the Basic installation type to download Microsoft SQL Server Express and all related utilities.

    SQL Server 2019 Express Edition Basic installation selection

  4. Accept the license terms and conditions. Keep the default installation location (on the C: drive), then select Install.Installing Microsoft SQL Server Express
    The installer downloads and installs all the required Microsoft SQL Server Express packages. When everything has installed successfully, a notification page similar to the following displays:
    SQL Server successful installation notification page
    Note: Take note of the Server value in the Connection String field (red box). You need it when installing SOTI Connect
  5. On the installation successful notification page, select the Install SSMS button (yellow box in screenshot above) to download and install Microsoft SQL Server Management Studio.
  6. When the Microsoft SQL Server Management Studio installation .exe file finishes downloading, run the .exe file. In the installer window, select where you want to install the Microsoft SQL Server Management Studio. Keep the default installation location on the C: drive.
  7. Select Install.

    SQL Server Management Studio main installation page

    When the installation completes, the Setup Completed screen displays.
  8. Close all applications and restart the server or VM.

Configuring Microsoft SQL Server to Work with SOTI Connect

Procedure

  1. Open the Microsoft SQL Server Management Studio.
  2. Establish a connection to the Microsoft SQL Server instance by entering the Server value in the Connection String you noted in Step 4. of the Downloading and Installing Microsoft SQL Server Express and Microsoft SQL Server Management Studio section.
  3. Select Connect.

    SQL Server Connect to Server dialog box

  4. Microsoft SQL Server connects successfully, and the instance name displays.
    SQL Server instance appearing in Object Explorer list
  5. Right-click the instance name and select Properties.

    SQL instance right-click menu with Properties selection highlighted

  6. In the left panel, select Security.
  7. In the Server Properties panel, select SQL Server and Windows Authentication mode in the Server authentication section. Select OK to save your changes.

    SQL Server properties screen with authentication mode selected

  8. Decide whether you want to use a local SQL account or a Windows account for authentication. The following steps describe configuring a local account.
  9. Expand the Security folder and right-click Logins.
  10. Select New Login.

    SQL Server New Login selected

  11. Enter a Login name, in this example Login name is SQLConnect.
  12. Select SQL Server authentication, and create a password for the login.
    Entering a SQL Server password
  13. In the left panel, select Server Roles, select the sysadmin checkbox, and select OK.

    Sysadmin checkbox selected in the New Login screen

  14. A new local login account is created and displays under the Logins header in the left panel.
    List of new SQL logins
    Important: Use this login for your database when you install SOTI Connect.
  15. Ensure NT AUTHORITY\SYSTEM has the sysadmin role assigned to it. Right-click NT AUTHORITY\SYSTEM and select Properties. Select the sysadmin checkbox under Server Roles.
    Note: Use this login if installing SOTI Connect using Windows Authentication. If the database runs on a remote server, the login is not be NT Authority\System. It is MachineName$ (for example, domainname\computername).
  16. Keep Microsoft SQL Server Management Studio running, then run the Microsoft SQL Server Configuration Manager utility, included as part of Microsoft SQL Server Express.
  17. In the Microsoft SQL Server Configuration Manager utility, expand SQL Server Network Configuration and select Protocols for SQLEXPRESS.
    Note: Select the correct protocol for your SOTI Connect instance if it is different than Protocols for SQLEXPRESS.

    SQL Server protocol screen

  18. Right-click the TCP/IP protocol and enable the TCP/IP protocol.
  19. Right-click the TCP/IP protocol again and then select Properties. The TCP/IP Properties panel displays.
  20. In the TCP/IP Properties panel, select the IP Addresses tab, empty any IP TCP Dynamic Ports fields and set the IPAII TCP Port to 1433.
    Selection screen for TCP/IP protocol
  21. Select Apply, then select OK.
  22. Restart your Microsoft SQL Server instance and Microsoft SQL Server Management Studio to apply your changes.

SQL Server Security Notes

The following information discusses securing access to the database and minimizing permissions.

The installation of SOTI Connect, requires more database privileges than needed for normal working operation. You should reduce the level of access after the installation of Microsoft SQL Server is complete. Use the following table as a reference to the required access levels after the installation is complete.

Operation Required Database Privileges
Installing or upgrading Sysadmin. The SA account is a super admin with permissions for any scenario.
Normal working operation db_owner.
Service running as local system with DB installed on the same server Local System > NT AUTHORITY\System.

The service runs on the computer with this permission.

Note: NT needs Sysadmin during an upgrade.
Service running as local system with the DB installed on a remote server db_owner.

UsingMicrosoft SQL Server, add the user or the group containing the user to the db_owner role.

Note: The database does not use the local system or NT AUTHORITY\System, but becomes MachineName$ (for example, domainname\computername).
Service running as a service account Ensure the user account is also in the DB as an account with the correct permissions.

For example, if the user account samplecompany/ConnectMDM is running the service, ConnectMDM with the domain samplecompany, the account must be given the needed permissions.

If you used the Microsoft SQL Server authentication option (for example, when you created the SQLConnect login in the example above), you should remove the sysadmin role after completing the SOTI Connect installation. You should also confirm that the SQLConnect login has db_owner user mappings for all the SOTI Connect databases.

Note: You must restore the sysadmin role to the SQLConnect user before running the SOTI Connect installer again.

If you used the Windows authentication method to install SOTI Connect, you should remove the sysadmin role from the NT AUTHORITY/SYSTEM login. You should also confirm that this login has db_owner user mappings for all the SOTI Connect databases.

Microsoft SQL Server stores the SOTI Connect databases. Creating, updating, and deleting a database is associated with its owner service. When uninstalling SOTI Connect, you can either retain all the databases or just the 'SotiConnectDeviceStateHistory' and 'SotiConnectLoggingService' databases.
Important: Due to the possible encryption of some files, you must retain the File Store database to keep access to File Store files after uninstalling SOTI Connect.

You should also remove the sysadmin role from the user who ran the SOTI Connect installer. You must restore the sysadmin role to that user before running the SOTI Connect installer again.