have a look in the Books Online in MSDN. It should be possible to accomplish this using revoke, but I cannot give you the exact syntax. If you have plenty of time or a SQL Server installation you can revoke the rights using Enterprise Manager and run the Profiler while doing so. This will give you the Transact SQL Syntax you can use with the MSDN.
-----Ursprüngliche Nachricht-----
Von: Frank Heyne [mailto:fh (at) rcs.urz.tu-dresden (dot) de [email concealed]]
Gesendet: Mittwoch, 19. Februar 2003 09:25
An: focus-ms (at) securityfocus (dot) com [email concealed]
Betreff: Restricting CmdExec Rights to Sysadmin
Hello,
MBSA does say it is a problem on a machine which has no SQL Server,
but MSDE installed: "To secure your database, you should only allow
members of the sysadmin role to execute CmdExec and ActiveScripting
job steps."
Does anyone have any idea how to correct this problem?
MBSA only has a solution for MS SQL Server, but the MSDE does not
have an Enterprise Manager, and therefore the solution does not work.
I did already google for "Restricting CmdExec Rights to Sysadmin",
but got only 4 hits, none of them for the MSDE.
have a look in the Books Online in MSDN. It should be possible to accomplish this using revoke, but I cannot give you the exact syntax. If you have plenty of time or a SQL Server installation you can revoke the rights using Enterprise Manager and run the Profiler while doing so. This will give you the Transact SQL Syntax you can use with the MSDN.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/acdata/
ac_8_con_03_9rar.asp
Regards,
Jens Mickerts
-----Ursprüngliche Nachricht-----
Von: Frank Heyne [mailto:fh (at) rcs.urz.tu-dresden (dot) de [email concealed]]
Gesendet: Mittwoch, 19. Februar 2003 09:25
An: focus-ms (at) securityfocus (dot) com [email concealed]
Betreff: Restricting CmdExec Rights to Sysadmin
Hello,
MBSA does say it is a problem on a machine which has no SQL Server,
but MSDE installed: "To secure your database, you should only allow
members of the sysadmin role to execute CmdExec and ActiveScripting
job steps."
Does anyone have any idea how to correct this problem?
MBSA only has a solution for MS SQL Server, but the MSDE does not
have an Enterprise Manager, and therefore the solution does not work.
I did already google for "Restricting CmdExec Rights to Sysadmin",
but got only 4 hits, none of them for the MSDE.
Frank Heyne
[ reply ]