|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
ATarasul_at_SpencerStuart.com
Date: Thu Feb 20 2003 - 13:56:51 CST
From SQL Server Books Online
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/instsql
/in_overview_6k1f.asp?frame=true
Setting up Windows Services Accounts
SQL Server Agent need to be Member of the Administrators local group to
Create CmdExec and ActiveScript jobs
belonging to someone other than a SQL Server administrator.
Solution - Change service accounts to run MSDE and SQLSERVERAGENT as low
priviledge user account.
For MSDE use
http://support.microsoft.com/default.aspx?scid=kb;en-us;283811
Regards
Alexander Tarasul, MCDBA, MCSD, MCSE,CISSP
alex
tarasul.com
http:\\www.tarasul.com
-----Original Message-----
From: Frank Heyne [mailto:fhrcs.urz.tu-dresden.de]
Sent: Wednesday, February 19, 2003 2:25 AM
To: focus-mssecurityfocus.com
Subject: Restricting CmdExec Rights to Sysadmin
Hello,
MBSA does say it is a problem on a machine which has no SQL Server, but
MSDE installed: "To secure your database, you should only allow members
of the sysadmin role to execute CmdExec and ActiveScripting job steps."
Does anyone have any idea how to correct this problem?
MBSA only has a solution for MS SQL Server, but the MSDE does not
have an Enterprise Manager, and therefore the solution does not work.
I did already google for "Restricting CmdExec Rights to Sysadmin",
but got only 4 hits, none of them for the MSDE.
Frank Heyne
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]