Hello everybody,
I'm currently securing a w2k box according to some recommendations
made by a company that audited our server.
Now among their recommendations is to remove the following rights from
the sql-server account. (The SQL Server runs under its own 'user
account' and in mixed mode)
According to them I should remove these permissions:
- Act as part of the Operating System
- Replace a process level token
- Increase quotas
- Log on as batch job
- Log on as service
I've browsed the web and found some documents, however none could
really answer which SQL-Features depend on these services.
Maybe someone in this forum has some experience or helpful urls.
Thanks very much.
the document:
SQL Server 2000 C2 Administrator's and User's Security Guide
at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/sql/maintain/security/sqlc2.asp
somehow mentions that these four services are necessary, but not why.
* Act as part of the operating system.
* Increase quotas.
* Replace a process-level token.
* Log on as a service.Hallo Beat(e) M=FCller,
at first you must NOT REMOVE the right
- Log on as service (The sql-Server does not start anymore!)
second the others you may try but I do not suggest it. Please look at
http://www.microsoft.com/sql/techinfo/administration/2000/s
ecurity/securingsqlserver.asp
there are useful tipps to securing the sql-Server
- Log on as a batch job (removable depends on your Envoirement - !CHECK! does your sqlserver service use a start batch?)
- the others will be used for internal tuning and interaction - I you REALLY must to remove them try it on your on risk!
CU Ralf
Showing posts with label according. Show all posts
Showing posts with label according. Show all posts
Tuesday, March 20, 2012
Subscribe to:
Posts (Atom)