Hello everybody,
I'm currently securing a w2k box according to some recommendations
made by a company that audited our server.
Now among their recommendations is to remove the following rights from
the sql-server account. (The SQL Server runs under its own 'user
account' and in mixed mode)
According to them I should remove these permissions:
- Act as part of the Operating System
- Replace a process level token
- Increase quotas
- Log on as batch job
- Log on as service
I've browsed the web and found some documents, however none could
really answer which SQL-Features depend on these services.
Maybe someone in this forum has some experience or helpful urls.
Thanks very much.
the document:
SQL Server 2000 C2 Administrator's and User's Security Guide
at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/sql/maintain/security/sqlc2.asp
somehow mentions that these four services are necessary, but not why.
* Act as part of the operating system.
* Increase quotas.
* Replace a process-level token.
* Log on as a service.Hallo Beat(e) M=FCller,
at first you must NOT REMOVE the right
- Log on as service (The sql-Server does not start anymore!)
second the others you may try but I do not suggest it. Please look at
http://www.microsoft.com/sql/techinfo/administration/2000/s
ecurity/securingsqlserver.asp
there are useful tipps to securing the sql-Server
- Log on as a batch job (removable depends on your Envoirement - !CHECK! does your sqlserver service use a start batch?)
- the others will be used for internal tuning and interaction - I you REALLY must to remove them try it on your on risk!
CU Ralf
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment