Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > focus-ms > 03 > 020394.html (Request Expert securityfocus.com Support)

RE: Restricting CmdExec Rights to Sysadmin

From: <ATarasul(at)SpencerStuart.com>
Date: Thu Feb 20 2003 - 14:56:51 EST

>From SQL Server Books Online
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/instsql /in_overview_6k1f.asp?frame=true

Setting up Windows Services Accounts

SQL Server Agent need to be Member of the Administrators local group to Create CmdExec and ActiveScript jobs
belonging to someone other than a SQL Server administrator.

Solution - Change service accounts to run MSDE and SQLSERVERAGENT as low priviledge user account.
For MSDE use
http://support.microsoft.com/default.aspx?scid=kb;en-us;283811

Regards

Alexander Tarasul, MCDBA, MCSD, MCSE,CISSP alex@tarasul.com
http:\\www.tarasul.com  

-----Original Message-----
From: Frank Heyne [mailto:fh@rcs.urz.tu-dresden.de] Sent: Wednesday, February 19, 2003 2:25 AM To: focus-ms@securityfocus.com
Subject: Restricting CmdExec Rights to Sysadmin

Do you need help?X

Hello,

MBSA does say it is a problem on a machine which has no SQL Server, but MSDE installed: "To secure your database, you should only allow members of the sysadmin role to execute CmdExec and ActiveScripting job steps."

Does anyone have any idea how to correct this problem? MBSA only has a solution for MS SQL Server, but the MSDE does not have an Enterprise Manager, and therefore the solution does not work.

I did already google for "Restricting CmdExec Rights to Sysadmin", but got only 4 hits, none of them for the MSDE.

Frank Heyne Received on Thu Feb 20 18:28:40 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:27 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library