October 3, 2004 at 7:35 pm
My client wants the security of the SQL Server to be tight and he only wants the sa and other logins which normally using the web application to login to the sql server. So I remove the builtin/administrator group from the logins and create a domain user account as the MSSQLServer login service. But when I tried to associate the domain user to the MSSQLServer service, it can't be started and have an error of 'Access is denied'. So I decided to add it to the local administrator group of the machine, and it finally started. Then I tried it to associate also the domain user to the SQL Server Agent as the login service, it fails and have an error on the event viewer that says that the user must be a member of sysadmin role. But if I will add this user from the sysadmin role, the domain user will have enough rights to add himself to another database that is prohibited to him to view sensitive data. And this can be done by some domain administrator that can just changed the password to the Active directory and under the SQL Server Agent login service. Is there any other way of securing the logins?
October 4, 2004 at 7:17 am
See answer here: Administration post
K. Brian Kelley
@kbriankelley
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply