Console.WriteLine( "All Things .NET" );
2.14.2005
SQL Server account
(not exactly .NET related, but relevant to current times)
Now that I re-discovered xp_cmdshell, I'm paranoid about the security implications. The SQL install defaults to run the service as local system in the administrators group. Therefore, xp_cmdshell has all the privs of an administrator.
Here's an article that talks about the privileges needed if you change to a non-admin account for the service.
Apparently it is recommended to use SQL Enterprise Manager to make the "run as" change, so SQLEM will go through and add the right permissions to directories, registry keys, etc. If you do not use SQLEM (i.e. use control panel, services applet), then the article walks you through what else to change.
How to change the SQL Server or SQL Server Agent Service account without using SQL Enterprise Manager in SQL Server 2000
Now that I re-discovered xp_cmdshell, I'm paranoid about the security implications. The SQL install defaults to run the service as local system in the administrators group. Therefore, xp_cmdshell has all the privs of an administrator.
Here's an article that talks about the privileges needed if you change to a non-admin account for the service.
Apparently it is recommended to use SQL Enterprise Manager to make the "run as" change, so SQLEM will go through and add the right permissions to directories, registry keys, etc. If you do not use SQLEM (i.e. use control panel, services applet), then the article walks you through what else to change.
How to change the SQL Server or SQL Server Agent Service account without using SQL Enterprise Manager in SQL Server 2000
posted by dan @ 2:33 PM | 0 comments | PermaLink URL |
Comments:
Post a Comment
