From SQL Server Books Online
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/instsql
/in_overview_6k1f.asp?frame=true
Setting up Windows Services Accounts
SQL Server Agent need to be Member of the Administrators local group to
Create CmdExec and ActiveScript jobs
belonging to someone other than a SQL Server administrator.
Solution - Change service accounts to run MSDE and SQLSERVERAGENT as low
priviledge user account.
For MSDE use
http://support.microsoft.com/default.aspx?scid=kb;en-us;283811
Regards
Alexander Tarasul, MCDBA, MCSD, MCSE,CISSP
alex (at) tarasul (dot) com [email concealed]
http:\\www.tarasul.com
-----Original Message-----
From: Frank Heyne [mailto:fh (at) rcs.urz.tu-dresden (dot) de [email concealed]]
Sent: Wednesday, February 19, 2003 2:25 AM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Restricting CmdExec Rights to Sysadmin
Hello,
MBSA does say it is a problem on a machine which has no SQL Server, but
MSDE installed: "To secure your database, you should only allow members
of the sysadmin role to execute CmdExec and ActiveScripting job steps."
Does anyone have any idea how to correct this problem?
MBSA only has a solution for MS SQL Server, but the MSDE does not
have an Enterprise Manager, and therefore the solution does not work.
I did already google for "Restricting CmdExec Rights to Sysadmin",
but got only 4 hits, none of them for the MSDE.
From SQL Server Books Online
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/instsql
/in_overview_6k1f.asp?frame=true
Setting up Windows Services Accounts
SQL Server Agent need to be Member of the Administrators local group to
Create CmdExec and ActiveScript jobs
belonging to someone other than a SQL Server administrator.
Solution - Change service accounts to run MSDE and SQLSERVERAGENT as low
priviledge user account.
For MSDE use
http://support.microsoft.com/default.aspx?scid=kb;en-us;283811
Regards
Alexander Tarasul, MCDBA, MCSD, MCSE,CISSP
alex (at) tarasul (dot) com [email concealed]
http:\\www.tarasul.com
-----Original Message-----
From: Frank Heyne [mailto:fh (at) rcs.urz.tu-dresden (dot) de [email concealed]]
Sent: Wednesday, February 19, 2003 2:25 AM
To: focus-ms (at) securityfocus (dot) com [email concealed]
Subject: Restricting CmdExec Rights to Sysadmin
Hello,
MBSA does say it is a problem on a machine which has no SQL Server, but
MSDE installed: "To secure your database, you should only allow members
of the sysadmin role to execute CmdExec and ActiveScripting job steps."
Does anyone have any idea how to correct this problem?
MBSA only has a solution for MS SQL Server, but the MSDE does not
have an Enterprise Manager, and therefore the solution does not work.
I did already google for "Restricting CmdExec Rights to Sysadmin",
but got only 4 hits, none of them for the MSDE.
Frank Heyne
[ reply ]