February 15, 2006 at 8:11 am
Hello,
I would like to protected my database :
Schema :
I installed my database, but I would like that windows administrateur doesn't access to database property (store procedure, table, view, backdatabase...). (I would like to lock my data base with a password)
Is it possible ?
degrem_m
Degremont
February 15, 2006 at 9:24 am
Before you do anything make sure that you have granted yourself sysadmin rights by some other means than by being a local administrator.
Then make sure that the BUILTIN\Administrators login is removed from the sysadmin server role, or you might want to remove the login completely. Then make sure that you know what all the other logins are used for, particularly those in the sysadmins, or any other server roles.
As long as the BUILTIN\Administrators login is part of the sysadmin role, there is nothing you can do to keep the Windows admins from accessing anything, or doing anything in SQL Server.
/*****************
If most people are not willing to see the difficulty, this is mainly because, consciously or unconsciously, they assume that it will be they who will settle these questions for the others, and because they are convinced of their own capacity to do this. -Friedrich August von Hayek
*****************/
February 15, 2006 at 10:08 am
Be careful about removing BUILTIN\Administrators because when I did this I wasn't able to use the Surface Configuration Utility.
February 15, 2006 at 10:25 am
I ALWAYS remove builtin\administrators and I have had no problems with the SCU. You may have a different issue.
/*****************
If most people are not willing to see the difficulty, this is mainly because, consciously or unconsciously, they assume that it will be they who will settle these questions for the others, and because they are convinced of their own capacity to do this. -Friedrich August von Hayek
*****************/
February 16, 2006 at 5:24 am
AS above.
Grant the DBA group sysadmin access, drop Builtin\Administrators.
This is the MS advised process, it does not cause problems.
Be aware that your database is then only secure from casual misuse. For example, local administrators still have access to the mdfs and can steal the database.
February 16, 2006 at 3:21 pm
It's ok,
But If administrateur kills SQL Server service, Is it possible to encrypte or protected by password my database (If he attach .mdf file in an other database ) ?
I must deploye ERP in the company but , I don't want they change my softwarre or my database (table and procedure.). For my application, it's ok, I built my webapplication (and offuscated dll) but for my database is more complicated.
degrem_m
Degremont
February 21, 2006 at 2:16 am
A local administrator has full control over that machine, you cannot get away from that fact.
You can encrypt the contents of the data, but rather than try to limit full-control, address your concerns by not granting administrator access to the machine casually. Have a single local admin account and lock the password in a safe.
February 21, 2006 at 4:21 am
Yes, but the issue is protect it from what?
I've seen several posts from developers worried about people stealing the schema and not buying their product - this is covered by your clients contract with you, and you'll get a lot more out of a legal case than in sales.
Even with compiled application code you can reverse engineer it quite easily these days.
If you're worried about data theft - apply security and encryption.
If you're worried about support staff mucking about, segregate OS admins from SQL admins by denying BUILTIN\Administrators.
February 21, 2006 at 9:43 am
While virtualization is fine for development and testing environments (as long as you aren't trying to run benchmarks) I would never run a producton SQL Server on a virtual machine. Our tests have shown anywhere from 20% to 400% performance degradation when running SQL Server on a VM. The 20% range was when there was only one guest operating system active, as the number of guest OSes increased the performance went downhill, at the point that there were more guest OSes than physical CPUs performance dropped off a cliff...
/*****************
If most people are not willing to see the difficulty, this is mainly because, consciously or unconsciously, they assume that it will be they who will settle these questions for the others, and because they are convinced of their own capacity to do this. -Friedrich August von Hayek
*****************/
Viewing 10 posts - 1 through 9 (of 9 total)
You must be logged in to reply to this topic. Login to reply