Re: Deleting BUILTIN\Administrators
From: SQL Server Development Team [MS] (sqldev@microsoft.com)
Date: 12/02/02
- Next message: SQL Server Development Team [MS]: "Re: SQLServer logs+ip addresses"
- Previous message: SQL Server Development Team [MS]: "Re: Enterprise Manager and Windows Account"
- In reply to: Sonya: "Deleting BUILTIN\Administrators"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "SQL Server Development Team [MS]" <sqldev@microsoft.com> Date: Mon, 2 Dec 2002 10:12:27 -0800
You should probably read the security whitepaper at
http://www.microsoft.com/sql/techinfo/administration/2000/securityWP.asp
You'll want to make sure that the service accounts for the MSSQLServer and
SQLServerAgent services are valid logins (localsystem is "[nt
authority\system]") and you must add the localsystem login and make it a
sysadmin if you want full-text search to work.
-Richard Waymire
-- This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm. "Sonya" <sbennett@sytecpa.org> wrote in message news:17ac001c2955f$845ec3f0$8af82ecf@TK2MSFTNGXA03... > On the advice of "Admin 911 SQL Server 2000" > (Osborne/McGraw-Hill 2001), I deleted my > BUILTIN\Administrators account (an alleged security risk), > and set the SQL Server login account to a domain user with > system admininistrator rights. The author warned that the > SQL Server Agent would no longer start if the service was > being started with the sa account, and I made sure that I > followed his directions to change it to a domain user with > sysadmin rights. I stopped and started SQL Server, but > the SQL Server Agent wouldn't restart. After a short > panic period and a few different attempts to resolve the > problem, I was able to get the SQL Server Agent going > again. I first re-entered the BUILTIN\Administrator > account, but that still did not allow me to restart the > SQL Server Agent. I was finally able to restart SQL Server > Agent by going into the Services folder and restarting it > from there. So, I'm back where I started from, but I > probably aged considerably in the process. :-) > > I suspect that the difficulty I encountered was due to the > fact that I am operating in Mixed Mode, and, even though > the Admin 911 author didn't specify, the directions he > gave were likely for operating in a Windows Only Mode. > However, I'm not even sure about that theory. I did try > the process out on my personal edition (which is also set > up in Mixed Mode)of SQL Server 2000 prior to making the > change on our standard edition, and the author's > instructions worked perfectly there. > > One other odd thing that I noticed is that, try as I > might, I was not able to successfully reset the SQL Server > login to the desired domain account (with sysadmin > rights). It would accept the assignment I gave it, but > upon re-inspection, the account would always bounce back > to sa. > > Any comments would be greatly appreciated. > > Thanks, > > Sonya
- Next message: SQL Server Development Team [MS]: "Re: SQLServer logs+ip addresses"
- Previous message: SQL Server Development Team [MS]: "Re: Enterprise Manager and Windows Account"
- In reply to: Sonya: "Deleting BUILTIN\Administrators"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
Loading
