Installing and Setting Up Microsoft SQL Server Express

About this task

This section provides information for administrators inexperienced with Microsoft SQL Server. The following steps assume you do not have Microsoft SQL Server installed. The following steps will guide you through downloading and configuring the free Microsoft SQL Server Express edition.

Tip: Install Microsoft SQL Server on a separate server or a Virtual Machine (VM) for best performance.

Step 1: Downloading and Installing Microsoft SQL Server Express and Microsoft SQL Server Management Studio

Before you begin

  • Decide where to install Microsoft SQL Server.
Important: Close Windows Services and Task Manager applications before installing.

Procedure

  1. Download Microsoft SQL Server 2019 Express to your local machine.
    Troubleshooting: If you face installation issues, update Windows and reboot. Repeat updating and rebooting until there are no more updates to install.
    Note: You may need to restart Microsoft SQL Server more than once to ensure the security changes take effect during the installation process.
  2. Run the Microsoft SQL Server Express installer .exe file on your local machine.
  3. Select the Basic installation type to download Microsoft SQL Server Express and all related utilities.

    SQL Server 2019 Express Edition Basic installation selection

  4. Accept the license terms and conditions. Keep the default installation location (on the C: drive), then select Install.Installing Microsoft SQL Server Express
    The installer downloads and installs all the required Microsoft SQL Server Express packages. When everything has completed successfully, a notification page similar to the following displays:
    SQL Server successful installation notification page
    Important: Take note of the Server value in the Connection String field (red box). You need it when installing SOTI Connect
  5. On the installation successful notification page, select the Install SSMS button (yellow box in screenshot above) to download and install Microsoft SQL Server Management Studio.
  6. When the Microsoft SQL Server Management Studio installation .exe file finishes downloading, run the .exe file. In the installer window, select where you want to install the Microsoft SQL Server Management Studio. Keep the default installation location on the C: drive.
  7. Select Install.

    SQL Server Management Studio main installation page

    When the installation completes, the Setup Completed screen displays.
  8. Close all applications and restart the server or Virtual Machine (VM).

Step 2: Configuring Microsoft SQL Server to Work with SOTI Connect

Procedure

  1. Open the Microsoft SQL Server Management Studio.
  2. Establish a connection to the Microsoft SQL Server instance by entering the Server value in the Connection String you noted in Step 4 of Downloading and Installing Microsoft SQL Server Express and Microsoft SQL Server Management Studio section.
  3. Select Connect.

    SQL Server Connect to Server dialog box

  4. Microsoft SQL Server connects successfully, and the instance name displays.
    SQL Server instance appearing in Object Explorer list
  5. Right-click the instance name and select Properties.

    SQL instance right-click menu with Properties selection highlighted

  6. In the left panel, select Security.
  7. In the Server Properties panel, select SQL Server and Windows Authentication mode in the Server authentication section. Select OK to save your changes.

    SQL Server properties screen with authentication mode selected

  8. Decide whether you want to use a local SQL account or a Windows account for authentication. The following steps describe configuring a local account.
  9. Expand the Security folder and right-click Logins.
  10. Select New Login.

    SQL Server New Login selected

  11. Enter a Login name, in this example Login name is SQLConnect.
  12. Select SQL Server authentication, and create a password for the login.
    Entering a SQL Server password
  13. In the left panel, under Server Roles, select the sysadmin checkbox and select OK.

    Sysadmin checkbox selected in the New Login screen

  14. Under the Logins header in the left panel, the setup automatically creates a new local login account.
    List of new SQL logins
    Important: Use this login for your database when you install SOTI Connect.
  15. Check NT AUTHORITY\SYSTEM has the sysadmin role assigned to it. Right-click NT AUTHORITY\SYSTEM and select Properties. Select the sysadmin checkbox under Server Roles.
    Important: Use this login if installing SOTI Connect using Windows Authentication. If the database runs on a remote server, the login will not be NT Authority\System. It will be the MachineName$ (for example, domainname\computername).
  16. Keep Microsoft SQL Server Management Studio running, then run the Microsoft SQL Server Configuration Manager utility, included as part of Microsoft SQL Server Express.
  17. In the Microsoft SQL Server Configuration Manager utility, expand SQL Server Network Configuration and select Protocols for SQLEXPRESS.
    Note: Select the correct protocol for your SOTI Connect instance if it is different than Protocols for SQLEXPRESS.

    SQL Server protocol screen

  18. Right-click the TCP/IP protocol and enable the TCP/IP protocol.
  19. Right-click the TCP/IP protocol again and then select Properties. The TCP/IP Properties panel displays.
  20. In the TCP/IP Properties panel, select the IP Addresses tab, empty any IP TCP Dynamic Ports fields and set the TCP Port to 1433.
    Selection screen for TCP/IP protocol
  21. Select Apply, then select OK.
  22. Restart your Microsoft SQL Server instance and Microsoft SQL Server Management Studio to apply your changes.

SQL Server Security Notes

The following information discusses securing access to the database and minimizing permissions.

The installation of SOTI Connect requires more database privileges than needed for regular working operations. You should reduce the level of access after the installation of Microsoft SQL Server is complete. Use the following table to reference the required access levels after the installation is complete.

Operation Required Database Privileges
Installing or upgrading Sysadmin. The SA account is a super admin with permissions for any scenario.
Normal working operation db_owner.
Service running as a local system with DB installed on the same server Local System > NT AUTHORITY\System.

The service runs on the computer with this permission.

Note: NT needs Sysadmin during an upgrade.
Service running as a local system with the DB installed on a remote server db_owner.

Using Microsoft SQL Server, add the user or the group containing the user to the db_owner role.

Note: The database does not use the local system or NT AUTHORITY\System, but becomes MachineName$ (for example, domainname\computername).
Service running as a service account Make sure the user account is also in the DB as an account with the correct permissions.

For example, if the user account samplecompany/ConnectMDM is running the service, ConnectMDM with the domain samplecompany, the account must have the required permissions.

If you used the Microsoft SQL Server authentication option (for example, when you created the SQLConnect login in the example above), you should remove the sysadmin role after completing the SOTI Connect installation. You should also confirm that the SQLConnect login has the db_owner user mappings for all the SOTI Connect databases.

Remember: You must restore the sysadmin role to the SQLConnect user before running the SOTI Connect installer again.

If you used the Windows authentication method to install SOTI Connect, you should remove the sysadmin role from the NT AUTHORITY/SYSTEM login. You should also confirm that this login has db_owner user mappings for all the SOTI Connect databases.

Microsoft SQL Server stores the SOTI Connect databases. The owner service is responsible for creating, updating, and deleting a database. When uninstalling SOTI Connect, you can retain all the databases or just the SotiConnectDeviceStateHistory and SotiConnectLoggingService databases.
Important: Due to the possible encryption of some files, you must retain the File Store database to keep access to File Store files after uninstalling SOTI Connect.
CAUTION: As the database grows bigger, user must manually shrink the database to get rid of unused space.

You should also remove the sysadmin role from the user who ran the SOTI Connect installer. You must restore the sysadmin role to that user before running the SOTI Connect installer again.