Installing the reporting database in a custom folder with SQL Server 2012 or later

Applies to:

  • Forcepoint Web Security and Forcepoint URL Filtering, v8.5.x
  • Forcepoint DLP, v8.5.x, v8.6.x, v8.7.x, 8.8.x, v8.9.x, v9.0, v10, v10.1, v10.2
  • Forcepoint Email Security, v8.5.x
  • Forcepoint appliances, v8.5.x
Starting with Microsoft SQL Server 2012, the database engine service must have access permissions for the folder where database files are stored. This affects the:
  • Log Database for web protection solutions
  • Forcepoint DLP Incident and Configuration Database
  • Log Database for email protection solutions

If you want to store your reporting database or databases in any folder other than the SQL Server default folder (C:\Program Files\Microsoft SQL Server), you must:

  1. Create the custom folder.
  2. Grant the database engine service full permissions to the custom folder.
  3. Install your Forcepoint management server and (for web and email protection solutions) Log Server components.

If you do not grant the database engine service the necessary permissions, the installer will not be able to create the reporting database or databases, and some components may fail to install, or be installed incorrectly.

To grant the proper permissions to the database engine service:
  1. In Windows Explorer, right-click the custom folder that you created to hold the reporting database or databases and select Properties.
  2. On the Security tab, click Edit, then Add.
  3. Make sure the hostname of the SQL Server machine appears in the “From this location” field of the Select Users... dialog box.

    If the correct host is not selected, click Locations, then select SQL Server host machine and click OK.

  4. In the Enter the object names... text box, enter the SID of the SQL Server service:
    1. The default instance SID is NT SERVICE\MSSQLSERVER.
    2. Use the format NT SERVICE\MSSQL$InstanceName for a named instance.
  5. Click Check Names to validate the SID. If the validation fails:
    1. Click OK in the pop-up box to open the Multiple Names Found dialog box.
    2. Select the correct SID, then click OK.
    3. Click OK again to return to the Permissions dialog box.
  6. In the Group or user names list, select the SID you just added, then mark the Allow check box under Full control in the Permissions list.
  7. Click Apply, and then click OK twice to exit.