Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Date: Thu Feb 20 2003 - 13:56:51 CST
From SQL Server Books Online
Setting up Windows Services Accounts
SQL Server Agent need to be Member of the Administrators local group to
Create CmdExec and ActiveScript jobs
belonging to someone other than a SQL Server administrator.
Solution - Change service accounts to run MSDE and SQLSERVERAGENT as low
priviledge user account.
For MSDE use
Alexander Tarasul, MCDBA, MCSD, MCSE,CISSP
From: Frank Heyne [mailto:fhrcs.urz.tu-dresden.de]
Sent: Wednesday, February 19, 2003 2:25 AM
Subject: Restricting CmdExec Rights to Sysadmin
MBSA does say it is a problem on a machine which has no SQL Server, but
MSDE installed: "To secure your database, you should only allow members
of the sysadmin role to execute CmdExec and ActiveScripting job steps."
Does anyone have any idea how to correct this problem?
MBSA only has a solution for MS SQL Server, but the MSDE does not
have an Enterprise Manager, and therefore the solution does not work.
I did already google for "Restricting CmdExec Rights to Sysadmin",
but got only 4 hits, none of them for the MSDE.