Re: Any valid login can access Enterprise Manager
- From: "Dan Guzman" <guzmanda@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 22 Feb 2006 07:42:47 -0600
2. Though cannot change any objects, but can
- 1. view all system objects (logins, DTS etc)
You can disable the msdb guest user (EXEC msdb..sp_dropuser 'guest') to
prevent access to msdb. This will prevent viewing DTS packages. See
http://support.microsoft.com/default.aspx?scid=kb;en-us;282463.
You can 'REVOKE SELECT FROM syslogins' to prevent non privileged users from
enumerating logins via EM.
3. STOP SQL Server Agent
4. RESTART SQL SERVER!!!!
The ability to stop and start services is controlled through Windows
permissions, not SQL Server security. If the account is a member of the
Windows 'Administrators' or 'Power Users' groups, then the user can stop and
start services using any tool or command. EM will not allow non-privileged
users to stop/start services.
--
Hope this helps.
Dan Guzman
SQL Server MVP
"Oddie" <Oddie@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:2DB045CF-4B2F-4493-BEB5-FA684D5800A1@xxxxxxxxxxxxxxxx
Hi.
When creating a SQL Server2000 login (NT Authen) with read-only rights to
user tables in a user database, this very same login can:
1. Login into EM
2. Though cannot change any objects, but can
- 1. view all system objects (logins, DTS etc)
3. STOP SQL Server Agent
4. RESTART SQL SERVER!!!!
This all seem to be traced back to the fact every login is a member of the
PUBLIC role, and the PUBLIC role allow u to do all of the above!!!
Can anyone tell me how to:
1. Prevent user (not DBA, DBO's etc) login into EM???
2. Prevent user login into QA???
Cheers!
.
- Prev by Date: Re: SQL2005 Allow Login Limited Visibility
- Next by Date: Re: SQL2005 Allow Login Limited Visibility
- Previous by thread: Re: NT AUTHORITY\SYSTEM SQL Server 2005
- Next by thread: Re: Any valid login can access Enterprise Manager
- Index(es):
Relevant Pages
|
