Re: All users can start and stop SQL Server?

From: Geoff N. Hiten (SQLCraftsman_at_gmail.com)
Date: 02/25/05

Next message: Jim: "Security Problem - Permission denied"
Previous message: Riki: "All users can start and stop SQL Server?"
In reply to: Riki: "All users can start and stop SQL Server?"
Next in thread: Riki: "Re: All users can start and stop SQL Server?"
Reply: Riki: "Re: All users can start and stop SQL Server?"
Reply: Simon: "Re: All users can start and stop SQL Server?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 25 Feb 2005 09:41:13 -0500

Sounds normal. Removing the role prevented them from accessing the data
within the SQL server. SQL runs as a service and any local administrator
can stop and start any service. Treat it as a learning opportunity.
Learning to be careful when you are a local administrator on a SQL server
host computer is a very important skill.

-- 
Geoff N. Hiten
Microsoft SQL Server MVP
Senior Database Administrator
Careerbuilder.com
I support the Professional Association for SQL Server
www.sqlpass.org
"Riki" <riki@bounce.com> wrote in message
news:ueJ$t9zGFHA.1528@TK2MSFTNGP09.phx.gbl...
> I work for a training center and we have the following scenario:
> SQL Server 2000 SP3A is installed on 10 computers in our classroom, under
> Windows 2000 SP4 Professional.
> The students log on with their own user name.
> They are member of the local Administrators group (we trust them on their
> own machine).
>
> They are also member of the sysadmin role on their own SQL Server.
> We removed the BUILTIN/Administrators login on every SQL Server.
>
> The students cannot access any database on the other machines, which is
OK.
> But by playing around, they discovered that they are still able to start
and
> stop any of the other servers.
>
> Is this normal?
> Did I overlook something?
> What should I do to prevent this?
>
> Riki
>
>

Next message: Jim: "Security Problem - Permission denied"
Previous message: Riki: "All users can start and stop SQL Server?"
In reply to: Riki: "All users can start and stop SQL Server?"
Next in thread: Riki: "Re: All users can start and stop SQL Server?"
Reply: Riki: "Re: All users can start and stop SQL Server?"
Reply: Simon: "Re: All users can start and stop SQL Server?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: sms 2003 installation finish but Site Status is empty
... remember that you need to modify the local administrator group on the ... SQL server, not on the SMS box. ... computer account has adequate credentials" section in this document: ...
(microsoft.public.sms.setup)
RE: Installing sql 6.5 on Windows 2000 server
... Make sure that the SQL Server and Agent account have local administrator ... I got a message "The SQL Server ... The local computer may not have the necessary registry information or ...
(microsoft.public.sqlserver.setup)
Re: Scheduled Package Results Contradictory
... Is that a local administrator? ... Is there Network access involved in your package? ... The job is owned by the adminstrator id of the SQL server. ... batch file doesn't work.. ...
(microsoft.public.sqlserver.dts)
Re: All users can start and stop SQL Server?
... Riki's problem as I see it is that the local Admin on Machine B can stop and ... irrespective of SQL Server rights, they shouldn't be able to affect another ... SQL runs as a service and any local administrator ... >> The students log on with their own user name. ...
(microsoft.public.sqlserver.security)
All users can start and stop SQL Server?
... Windows 2000 SP4 Professional. ... The students log on with their own user name. ... They are also member of the sysadmin role on their own SQL Server. ...
(microsoft.public.sqlserver.security)