Re: SQLServer2005MSSQLUser - Using Sledgehammer to crack a peanut?
- From: Sue Hoegemeier <Sue_H@xxxxxxxxxxxxx>
- Date: Mon, 16 Jul 2007 20:19:13 -0600
Look at the group in SQL Server. Note that members of this
group are in the sysadmin group by default.

Those groups are created by the installation for the service
accounts for the various services. That one in particular is
for the SQL Server logon account. Members of this group also
have additional permissions on the server itself.

If they had you add all users to that group, they just had
you make everyone a sysadmin on that SQL Server box and give
the extra OS permissions needed by the service account. And
yes that is a huge security risk.

I can't think of any reasonable explanation as to why
someone would do that. I can think of reasons, but nothing
reasonable.

-Sue

On Mon, 16 Jul 2007 17:44:01 -0700, Paul Miller <Paul Miller@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Recently a 3rd Party Application was installed on a couple of client PCs, and
a database was added to our SQL server.

The guy who came to do the installation said we needed to add our
"Domain\Users" account to the SQLServer2005MSSQLUser$Server$SQLInstance Group.

I'm afraid by doing this we have given way too much access to our SQL server
to all users, but I'm not 100%.

Could someone please let me know if we have created a huge security risk,
and if possible, a reason why, so I can throw it back at the 3rd Party?

Thanks very much
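
One way to check on the instance itself what the reply describes, as an added example that is not part of the original thread: the T-SQL below lists every login in the sysadmin role, expands each Windows group found there, and reports whether the current login is a sysadmin. It assumes SQL Server 2005 or later and a session with sysadmin rights for steps 1 and 2; the cursor and variable names are illustrative.

```sql
-- Added example: audit who holds sysadmin through Windows group membership.

-- 1. Every login in the sysadmin fixed server role, with its type.
SELECT p.name      AS login_name,
       p.type_desc AS login_type,   -- WINDOWS_GROUP, WINDOWS_LOGIN or SQL_LOGIN
       p.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals  AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals  AS p ON p.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY p.type_desc, p.name;

-- 2. Expand each Windows group in sysadmin one level. xp_logininfo with
--    'members' returns only the next level of membership, so a nested group
--    such as Domain\Users shows up as a single row of type 'group'.
DECLARE @grp sysname;
DECLARE grp_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT p.name
    FROM sys.server_role_members AS rm
    JOIN sys.server_principals  AS r ON r.principal_id = rm.role_principal_id
    JOIN sys.server_principals  AS p ON p.principal_id = rm.member_principal_id
    WHERE r.name = N'sysadmin' AND p.type = 'G';   -- 'G' = Windows group

OPEN grp_cur;
FETCH NEXT FROM grp_cur INTO @grp;
WHILE @@FETCH_STATUS = 0
BEGIN
    PRINT N'Members of ' + @grp + N':';
    BEGIN TRY
        EXEC master.dbo.xp_logininfo @acctname = @grp, @option = 'members';
    END TRY
    BEGIN CATCH
        -- A group Windows cannot resolve should not stop the audit.
        PRINT N'  could not enumerate: ' + ERROR_MESSAGE();
    END CATCH;
    FETCH NEXT FROM grp_cur INTO @grp;
END;
CLOSE grp_cur;
DEALLOCATE grp_cur;

-- 3. Run this part while connected as an ordinary domain user:
--    1 means that login is effectively a sysadmin, 0 means it is not.
SELECT SUSER_SNAME()                AS current_login,
       IS_SRVROLEMEMBER('sysadmin') AS is_sysadmin;
```

If step 2 shows "Domain\Users" inside the SQLServer2005MSSQLUser$ group and step 3 returns 1 for a regular user, that output is the evidence to send back to the vendor.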