December 22, 2005 at 8:33 am
I have found that there are some admin's in my group that are linking to the production server from there personal servers. From my understanding if there machine is hacked they could run commands from there server to the production server. Since I have CmdShell enabled this allows for big issues. Am I correct? This was a server that was set up to have the admin group to belong to the SQLAdministrators. When I am setting up the new server how do I make sure that SA is the only admin and I can control all NT Accounts? I already have three groups in Active directory set up. SQLDBA, SQLReadWrite, SQLRead. I want to be able to control all security access points.
December 22, 2005 at 10:21 am
Yes, you are correct. If their individual systems are compromised and they have linked server connections to the production servers, yes, someone could come in through that method. However, that threat isn't substantially more than if their personal accounts are compromised, which is more likely.
K. Brian Kelley
@kbriankelley
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply