November 10, 2003 at 1:14 pm
We're an Oracle shop that is just getting started with S2K. Any security issues using the SQL Server Agent? There are in Oracle, so we just want to make sure about S2K as we figure out how to administer our databases in this new environment.
Thanks in advance,
Jen
November 10, 2003 at 6:09 pm
Check the box so that only sysadmins can run cmdexec processes. Use a domain account and give it only permissions to things it needs to have (drives, file shares). Dont make it a domain admin account.
Andy
November 10, 2003 at 6:32 pm
Hi Jen
There are some issues to be aware of, mainly around the execution of xp_cmdshell in the master db and how you setup a proxy account for non sysadmins to run this command (all configured via the sql agent part of Enterprise manager). Generally, run the proxy with care, select the appropriate directories in which access is granted (use NT groups with appropriate ACL's assigned), or dont allow access all together. As the the agent account itself; i create a domain account in which my instance runs under, and use the same sysadmin account for sql agent. Play with your access rights but ive found it difficult to really nail shut.
Have a read of this:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/instsql/in_overview_6k1f.asp
Cheers
Ck
Chris Kempster
Author of "SQL Server 2k for the Oracle DBA"
Chris Kempster
www.chriskempster.com
Author of "SQL Server Backup, Recovery & Troubleshooting"
Author of "SQL Server 2k for the Oracle DBA"
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply