March 6, 2002 at 8:21 am
I have just started working with SQL Server 2000 and have been experimenting with it to get a feel for how it works. While playing with it I have found that if I have SQL Server 2000 installed on two desktops in the same domain, I can use Server Service Manager on each machine to stop and start sqlserver and sqlserver agent on the other machine. I have tried changing the builtin administrator to “deny Access” but this made no difference.
I have also tried logging into each machine as a different (non-administration) user and created the users on the opposing machine with deny access, but this still does not stop Server Manager from being able to stop sqlserver. The rest of the security is OK in that while logged on as the different users it is not possible to access the data on the opposing machines.
If anybody could tell me how to stop sqlserver being stopped by unauthorised persons I would be very grateful.
March 6, 2002 at 8:46 am
Look up Server Roles in Logins in BOL. A person with the proper role only can stop and start. These roles are found by opening Login Properties in Enterprise Manager and clicking the server roles tab.
"Don't roll your eyes at me. I will tape them in place." (Teacher on Boston Public)
March 6, 2002 at 9:25 am
Thanks for your reply, but unfortunately it has not helped me solve the problem.
I have checked the fixed roles and the only logins with these roles are the ones that need them. Other domain users without a login on the instance can still shut down sqlserver, as can users with a login (with no roles) and the deny access box ticked under properties.
Any other ideas?
March 6, 2002 at 9:38 am
The only other way I know a user would be able to shut down the server is if they have an account on the domain or box with sufficient rights to shut down and restart services. These can be gotten rid of by making sure at the NT level they do not have those rights.
"Don't roll your eyes at me. I will tape them in place." (Teacher on Boston Public)
March 6, 2002 at 10:20 am
The service manager provides a GUI for the net start and net stop command lines. If you have Windows rights to do this, you can execute this. It has nothing to do with SQL itself.
Steve Jones
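An added example, not part of any post in this thread: since stopping the service is governed by Windows rights on the service object rather than by SQL Server logins, this Python sketch lists which trustees a service's security descriptor lets start, stop or pause it. It assumes the SDDL string comes from `sc sdshow MSSQLSERVER` (the default instance's service name); the sample string is constructed, and group membership is not resolved, so each trustee is evaluated on its own ACEs only.

```python
import re

# SDDL rights tokens as they apply to a service object (bit values from winsvc.h / winnt.h).
RIGHT_BITS = {"CC": 0x0001, "DC": 0x0002, "LC": 0x0004, "SW": 0x0008,
              "RP": 0x0010, "WP": 0x0020, "DT": 0x0040, "LO": 0x0080,
              "CR": 0x0100, "SD": 0x10000, "RC": 0x20000, "WD": 0x40000,
              "WO": 0x80000, "GA": 0x10000000, "GX": 0x20000000,
              "GW": 0x40000000, "GR": 0x80000000}
START, STOP, PAUSE = 0x10, 0x20, 0x40   # RP, WP, DT on a service
CONTROL = (("pause", PAUSE), ("start", START), ("stop", STOP))
WELL_KNOWN = {"SY": "Local System", "BA": "BUILTIN\\Administrators",
              "PU": "BUILTIN\\Power Users", "BU": "BUILTIN\\Users",
              "AU": "Authenticated Users", "IU": "Interactive", "WD": "Everyone"}

# Constructed sample: a deny-stop ACE for Users, then allow ACEs, then a SACL.
SAMPLE_SDDL = ("D:(D;;WP;;;BU)(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
               "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPDTLOCRRC;;;PU)"
               "(A;;CCLCSWRPLOCRRC;;;BU)(A;;CCLCSWLOCRRC;;;AU)"
               "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")

def parse_rights(text):
    """Turn an ACE rights field (token string or hex mask) into a bit mask."""
    if text.lower().startswith("0x"):
        mask = int(text, 16)
    else:
        mask = 0
        for i in range(0, len(text), 2):
            mask |= RIGHT_BITS[text[i:i + 2]]  # KeyError on a token not modelled here
    if mask & (RIGHT_BITS["GA"] | RIGHT_BITS["GX"]):
        mask |= START | STOP | PAUSE  # generic all/execute include service control
    return mask

def who_can_control(sddl):
    """Map each trustee to the control rights its own ACEs grant, in DACL order."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)  # DACL only, SACL ignored
    granted, denied = {}, {}
    for ace in re.findall(r"\(([^)]*)\)", m.group(1) if m else ""):
        fields = ace.split(";")
        ace_type, mask, sid = fields[0], parse_rights(fields[2]), fields[5]
        if ace_type == "A":    # allow applies only to bits not denied earlier
            granted[sid] = granted.get(sid, 0) | (mask & ~denied.get(sid, 0))
        elif ace_type == "D":  # deny applies only to bits not granted earlier
            denied[sid] = denied.get(sid, 0) | (mask & ~granted.get(sid, 0))
    return {WELL_KNOWN.get(sid, sid): [n for n, bit in CONTROL if mask & bit]
            for sid, mask in granted.items() if mask & (START | STOP | PAUSE)}

if __name__ == "__main__":
    for trustee, rights in who_can_control(SAMPLE_SDDL).items():
        print(f"{trustee}: {', '.join(rights)}")
```

Any trustee in the output that is broader than the intended operators (for example Power Users or Users on a workstation) is where the Windows-level rights need tightening.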
March 7, 2002 at 7:04 am
Thanks for this, I had not thought about it enough to realise that the server service manager was in fact just shutting/starting the service.
March 7, 2002 at 10:01 am
You are welcome and it was interesting. Hopefully others will learn as well.
Steve Jones