November 11, 2008 at 9:39 am
Can I turn off the ability to choose CmdExec and Activex Types: on job steps in SQL Agent? I'm working with SQL 2005.
November 11, 2008 at 11:25 am
After reevaluating the intent of the security document that prompted this question, I believe all that needs to be done is verifying that the SQL Server Agent proxy accounts (which can be seen in SSMS by opening SQL Server Agent and then Proxies) are not being used to grant access to ActiveX or CmdExec job step types to anyone other than Sysadmin who have them by default.
I would be curious to know if the list can be controlled completely - can the CMDEXEC option be removed from the list even for SysAdmins? I guess that would be pointless because they would most likely have the ability to add it back anyway.
SO I think just by checking the use of the proxy accounts, I can satisfy this security request.
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply