Security Baseline Analyzer

• Previous message: John Bell: "Re: Encryption"
• In reply to: Bosko Maksimovic: "Security Baseline Analyzer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 29 Jun 2003 04:51:12 -0700

I believe 1. means that they want you to take the
everyone group out of the folder permissions but the good
thing about the MSBA is it gives you links on all its
reccomendations.

I believe 2 is just saying that you don't need to have
the service accounts members of the domain admins.

HTH

Ray Higdon MCSE, MCDBA, CCNA

>-----Original Message-----
>Good evening/morning,
>
>I'm using the Baseline Analyzer to help in securing a SBS
>2000 server. I implemented the advice of creating a
>dedicated SQL Server account and setting the SQLSERVER
and
>SQLAgent services to start up with that account. Upon
>doing so the SBA reported the errors listed below... Any
>insight on why the errors occur would be appreciated!
>
>1. ISSUE: Folder Permissions
>
>RESULT: Permissions on the SQL Server installation
folders
>are not set properly.
>
>ERROR IN DETAIL: USER - Invalid SID returned by the OS
>
>2. ISSUE: Service Accounts
>
>RESULT: SQL Server and/or SQL Server Agent Services
>accounts are members of the local Administrators group or
>run as LocalSystem.
>
>ERROR: This is a Domain Account. Baseline Security
>Analyzer cannot determine whether it belongs to the
Domain
>Admins group due to the following error: 122 The data
area
>passed to a system call is too small.
>
>
>Thank you for your time in advance!
>
>Sincerely,
>Bosko Maksimovic
>
>
>.
>

• Previous message: John Bell: "Re: Encryption"
• In reply to: Bosko Maksimovic: "Security Baseline Analyzer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Domain Groups For Clustering Service ???? SQL Server 2005 ... You need to manually add the service accounts you specify during setup into ... services then just add that to each of the 3 domain groups you create. ... Jasper Smith (SQL Server MVP) ... (microsoft.public.sqlserver.clustering) Re: Sql server 2005 clustered service group ... I always do this as part of cluster setup (prepoulate the groups with the ... Jasper Smith (SQL Server MVP) ... add accounts to the domain groups. ... needs rights to add the service accounts to the domain group ... (microsoft.public.sqlserver.setup) Re: Sql server 2005 clustered service group ... Jasper Smith (SQL Server MVP) ... administrator for the names of existing domain groups, ... add accounts to the domain groups. ... needs rights to add the service accounts to the domain group ... (microsoft.public.sqlserver.setup) Re: I cant add a user from another computer to my security tab Group or user names box ... To set, view, change, or remove file and folder permissions, ... the group or of the user that you want to set permissions ... user name and password to the accounts of the users on the ... Keep in mind that in a workgroup, ... (microsoft.public.windowsxp.security_admin) Re: How to change service accounts on a cluster ... Configuration manager is the correct tool. ... Microsoft SQL Server MVP ... to use SQL Configuration Manager to change the service accounts. ... (microsoft.public.sqlserver.clustering)