March 6, 2014 at 3:22 am
Hi,
Is there any way sa user can access folder located in local system.
Appreciate any advice.
Server Info:
SQL Server 2008 r2
OS: Windows Server 2008
Regards,
Manoj
March 6, 2014 at 3:38 am
If I'm not mistaken sa is a SQL Server account, meaning it does not map to a domain/local user which you can give permissions on resources.
Need an answer? No, you need a question
My blog at https://sqlkover.com.
MCSE Business Intelligence - Microsoft Data Platform MVP
March 6, 2014 at 4:14 am
Thank you for the information.
March 6, 2014 at 4:23 am
k.manojkumar22 (3/6/2014)
Hi,Is there any way sa user can access folder located in local system.
Appreciate any advice.
Server Info:
SQL Server 2008 r2
OS: Windows Server 2008
Regards,
Manoj
The only way SA can access the local filesystem is via the Extended stored procedure XP_CMDSHELL. As SA i was able to delete a folder that the SQL server account had ACLs on
exec xp_cmdshell 'rmdir "P:\MSSQL10_50.H1\MSSQL\BACKUP\Litespeeddb"'
I was also able to create a folder too
exec xp_cmdshell 'mkdir "P:\MSSQL10_50.H1\MSSQL\BACKUP\somefolder"'
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
March 6, 2014 at 4:36 am
It's not about what the 'sa' account has access to. It's about what the account that SQL Server is running under has access to. That account determines what can be seen by a login that has system administration privileges within SQL Server.
"The credit belongs to the man who is actually in the arena, whose face is marred by dust and sweat and blood"
- Theodore Roosevelt
Author of:
SQL Server Execution Plans
SQL Server Query Performance Tuning
March 6, 2014 at 4:40 am
Grant Fritchey (3/6/2014)
It's not about what the 'sa' account has access to. It's about what the account that SQL Server is running under has access to. That account determines what can be seen by a login that has system administration privileges within SQL Server.
Good to know.
It's not a reason to blatantly give the service account all sorts of permissions though (I see already people drawing that conclusion from your reply :-D).
I think it's good to investigate why on earth sa should suddenly have access to local folders. They invented proxies/execution accounts for that.
Need an answer? No, you need a question
My blog at https://sqlkover.com.
MCSE Business Intelligence - Microsoft Data Platform MVP
March 6, 2014 at 4:40 am
Grant Fritchey (3/6/2014)
It's not about what the 'sa' account has access to. It's about what the account that SQL Server is running under has access to. That account determines what can be seen by a login that has system administration privileges within SQL Server.
Yes, as i mentioned above 😉
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
March 6, 2014 at 4:56 am
Manoj,
Provide more detail what exactly you would like to achieve so that people can help.
Cheers!
---------------------------------------------------
"Thare are only 10 types of people in the world:
Those who understand binary, and those who don't."
Viewing 8 posts - 1 through 7 (of 7 total)
You must be logged in to reply to this topic. Login to reply