data folder permission

  • Hi,

    By default installation, SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER is having the below access to SQL Server Data folder.

    Full Control

    Modify

    Read and Execute

    List Folder Contents

    Read

    Write

    Auditor highlight that this is a security concern and want us to revoke full control, modify, read and execute and write permission for SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER from the data folder.

    Any idea what is the security risk from security standpoint?

    Anyone here revoke it before? Any impact on doing it? thanks

  • this $ users are available in one of my server as well but i havent removed it yet.

    as per me no body can access using that logins so how security issue?

    experts clarify if i am wrong.

    Regards
    Durai Nagarajan

  • Hi,

    Any experts can advise?

    thanks!

  • durai nagarajan (10/12/2012)


    as per me no body can access using that logins so how security issue?

    i second here , the above mentioend accesses are given by sql installation , and why any unauthorozed person will go there ,he.she should not have access to that drive too.

    -------Bhuvnesh----------
    I work only to learn Sql Server...though my company pays me for getting their stuff done;-)

  • Bhuvnesh (10/15/2012)


    durai nagarajan (10/12/2012)


    as per me no body can access using that logins so how security issue?

    i second here , the above mentioend accesses are given by sql installation , and why any unauthorozed person will go there ,he.she should not have access to that drive too.

    Hi All,

    I think from security point of view, the auditor doesn't want powerful privileges granted if it's not needed for SQL Server to function.

    So actually wish to know what is this group and is it needed for sql server to function.

    thanks

  • chewychewy (10/15/2012)


    So actually wish to know what is this group and is it needed for sql server to function.thanks

    See it this can helps you http://msdn.microsoft.com/en-us/library/ms143547(v=sql.100).aspx

    -------Bhuvnesh----------
    I work only to learn Sql Server...though my company pays me for getting their stuff done;-)

  • chewychewy (10/12/2012)


    Hi,

    By default installation, SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER is having the below access to SQL Server Data folder.

    Full Control

    Modify

    Read and Execute

    List Folder Contents

    Read

    Write

    Auditor highlight that this is a security concern and want us to revoke full control, modify, read and execute and write permission for SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER from the data folder.

    Any idea what is the security risk from security standpoint?

    Anyone here revoke it before? Any impact on doing it? thanks

    This is a default local group created by the SQL Server installer, if you look in local user and group management you'll see a whole bunch of local groups created. Do not revoke permissions for this group!

    -----------------------------------------------------------------------------------------------------------

    "Ya can't make an omelette without breaking just a few eggs" 😉

  • thanks all

Viewing 8 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic. Login to reply