July 31, 2014 at 12:19 pm
Steve Jones - SSC Editor (7/31/2014)
Eric M Russell (7/31/2014)
If Windows groups like 'MyCorp\ProductionDBA' or 'Builtin\Administrators' are members of SYSADMIN, and user account 'MyCorp\JohnSmith' is added to one of these groups, then he has sysadmin privilege. There is no 'CREATE LOGIN..' or 'GRANT..' operation, and as far as I know, there is no profiler event, extended event, trigger, or meta-data change within SQL Server that could be leveraged to alert on this at the time the domain group membership is added. However, one thing that could be done is to create a LOGIN trigger that checks the sysadmin privilege of an account at time of login and then compares the user's account name to a table containing a list of known admins.
No WMI-type event? Something like this?
http://msdn.microsoft.com/en-us/library/aa772153(v=vs.85).aspx
That looks promising for monitoring changes to a specific domain group that we know has membership in the mssql sysadmin role. However, I'm not sure it would cover local groups like 'Builtin\Administrators'. That's a strong and compelling reason not to add local Windows groups or accounts to a privileged SQL Server role, and why they are no longer added by default in recent editions of the mssql installation process.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
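The LOGIN trigger idea from the quoted post above, sketched in T-SQL as an added example that is not code from anyone in this thread. The database, table and trigger names and the sample login 'MyCorp\JaneDoe' are hypothetical; it records, at logon time, any sysadmin whose name is not on the known-admin list.

```sql
-- Added example. AdminAudit, KnownSysadmins, UnexpectedSysadminLogons and
-- trg_audit_sysadmin_logon are hypothetical names chosen for illustration.
CREATE DATABASE AdminAudit;
GO
USE AdminAudit;
GO
-- Allow-list of logins that are expected to hold sysadmin.
CREATE TABLE dbo.KnownSysadmins (
    LoginName sysname NOT NULL PRIMARY KEY
);
-- One row per logon by a sysadmin that is not on the allow-list.
CREATE TABLE dbo.UnexpectedSysadminLogons (
    LogonTime datetime2(0)  NOT NULL DEFAULT SYSDATETIME(),
    LoginName sysname       NOT NULL,
    HostName  nvarchar(128) NULL,
    AppName   nvarchar(128) NULL
);
-- Constructed sample entry; add 'sa' and the service accounts as well,
-- otherwise their logons are recorded too.
INSERT INTO dbo.KnownSysadmins (LoginName) VALUES (N'MyCorp\JaneDoe');
GO
USE master;
GO
CREATE TRIGGER trg_audit_sysadmin_logon
ON ALL SERVER
FOR LOGON
AS
BEGIN
    SET NOCOUNT ON;
    -- IS_SRVROLEMEMBER reports the connecting login's effective membership,
    -- including sysadmin inherited through a Windows group, which is the
    -- case that produces no CREATE LOGIN or GRANT inside SQL Server.
    IF IS_SRVROLEMEMBER('sysadmin') = 1
       AND NOT EXISTS (SELECT 1
                       FROM AdminAudit.dbo.KnownSysadmins
                       WHERE LoginName = ORIGINAL_LOGIN())
    BEGIN
        -- Record only; the trigger never raises an error or rolls back,
        -- so it does not deny the logon. The branch runs only for
        -- sysadmins, who can always write to the audit table.
        INSERT INTO AdminAudit.dbo.UnexpectedSysadminLogons
            (LoginName, HostName, AppName)
        VALUES (ORIGINAL_LOGIN(), HOST_NAME(), APP_NAME());
    END
END;
GO
```

If the trigger ever fails and blocks logons, connect over the dedicated administrator connection and run `DROP TRIGGER trg_audit_sysadmin_logon ON ALL SERVER`.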
March 2, 2018 at 9:49 am
The Voice of the DBA posted 'a security presentation from Andreas Wolter' web link which is broken and showing a 404 error. Can someone fix it or provide the active link to watch this presentation? Thanks.
March 5, 2018 at 6:46 am
asad.iqbal 75122 - Friday, March 2, 2018 9:49 AM
The Voice of the DBA posted 'a security presentation from Andreas Wolter' web link which is broken and showing a 404 error. Can someone fix it or provide the active link to watch this presentation? Thanks.
It appears that SQL Bits have removed the presentation. Since it's a few years old, my guess is that it's been taken down to save space/costs.