xstatus in sysxlogins

  • Can anyone help me figure out how to map xstatus column in sysxlogins table?  I need to know what each xstatus code stands for.  There is no documentation available on BOL.

     

    Thanks

  • Hi Eric,

    When SQL Server is installed, the Windows NT group 'Builtin\Administrators' is added to the sysusers table and is added to the dbo role. Under the sysxlogins table their xstatus is set to 22. This entry defines what kind of login it is. By changing the xstatus to 18, an attacker can log on to the SQL Server using the standard SQL login name of 'BUILTIN\Administrator' and no password; the local administrator can still log on at the same time. This is true of all Windows-based logins and, needless to say, the xstatus of each NT login should be examined.

    Hope this helps u

     

    From

    Killer

    Learning Manners.

  • Hi,

    If u want to get deep, see this article.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;246133

     

     

    from

    Killer

    Learning Manners.

  • Thanks Raj, that helps.

    So, if I remove BUILTIN\Administrators, I do not have to worry about this right?  Also, what is xstatus 64?

  • Hi Eric,

    OK, an overview: in SQL Server we create many users and define privileges for those users, but who should have sysadmin rights and who should not have sysadmin rights?

    This is the list of rights a user has:

    when 16   = [Sys]
    when 32   = [Security]
    when 64   = [IsServer]
    when 128  = [Setup]
    when 256  = [Process]
    when 512  = [Disk]
    when 1024 = [dbcreator]
    when 4096 = [Bulk]

     

    Hope this helps.

    If u get what u need, else I have some documents I can pass on to u.

    from

    Killer
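
A read-only audit query for the xstatus bits discussed in the posts above, as an added example that is not part of the original thread. It assumes SQL Server 2000 (where master.dbo.sysxlogins exists); the role bits 16 to 4096 are the values listed in the thread, while bits 1, 2, 4 and 8, the `srvid IS NULL` filter and the `finding` column are assumptions based on the syslogins view definition, not something the thread states.

```sql
-- Added example: decode xstatus for every login and flag rows worth reviewing.
-- Role bits (16..4096) come from the thread; bits 1/2/4/8 are assumed from
-- the SQL Server 2000 syslogins view definition. Read-only: no updates.
SELECT
    name,
    xstatus,
    CASE WHEN (xstatus & 4) = 4   THEN 'Windows' ELSE 'SQL' END AS login_type,
    CASE WHEN (xstatus & 12) = 4  THEN 1 ELSE 0 END AS is_nt_group,
    CASE WHEN (xstatus & 12) = 12 THEN 1 ELSE 0 END AS is_nt_user,
    CASE WHEN (xstatus & 1) = 1   THEN 1 ELSE 0 END AS deny_login,
    CASE WHEN (xstatus & 2) = 2   THEN 1 ELSE 0 END AS has_access,
    CASE WHEN (xstatus & 16) = 16     THEN 1 ELSE 0 END AS sysadmin,
    CASE WHEN (xstatus & 32) = 32     THEN 1 ELSE 0 END AS securityadmin,
    CASE WHEN (xstatus & 64) = 64     THEN 1 ELSE 0 END AS serveradmin,
    CASE WHEN (xstatus & 128) = 128   THEN 1 ELSE 0 END AS setupadmin,
    CASE WHEN (xstatus & 256) = 256   THEN 1 ELSE 0 END AS processadmin,
    CASE WHEN (xstatus & 512) = 512   THEN 1 ELSE 0 END AS diskadmin,
    CASE WHEN (xstatus & 1024) = 1024 THEN 1 ELSE 0 END AS dbcreator,
    CASE WHEN (xstatus & 4096) = 4096 THEN 1 ELSE 0 END AS bulkadmin,
    CASE
        -- A DOMAIN\account style name whose Windows bit is clear is the
        -- inconsistency described in the thread (for example 22 stored as 18).
        WHEN CHARINDEX('\', name) > 0 AND (xstatus & 4) = 0
            THEN 'REVIEW: Windows-style name stored as a SQL login'
        -- A SQL login holding sysadmin with no stored password hash.
        WHEN (xstatus & 4) = 0 AND (xstatus & 16) = 16 AND password IS NULL
            THEN 'REVIEW: sysadmin SQL login with blank password'
        ELSE ''
    END AS finding
FROM master.dbo.sysxlogins
WHERE srvid IS NULL          -- logins only; other rows map linked/remote servers
ORDER BY finding DESC, name;
```

With these bit meanings, 22 decodes as 16 + 4 + 2 (sysadmin, Windows name, has access) and 18 as 16 + 2 (sysadmin, has access, SQL login), which is why the first check looks for a backslash in the name with bit 4 cleared.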

     

     

  • Before removing BUILTIN\Administrators, make sure you have another login that has sysadmin rights, otherwise you'll lose sysadmin access to the server.

     

    --------------------
    Colt 45 - the original point and click interface

  • And bear in mind that if someone has managed to update a system table in the master database, then they've already compromised that server to a large degree.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass

  • Thanks everyone.  It will help.

     

    My SQL Server is pretty secure but I have heard from sources that our director is going to hire a hacker to try and hack into company databases.  I was just doing touch ups on our security structure and maybe close one or 2 back doors.

     

    Thanks

  • Hi Eric,

    Eric, it sounds skeptical. But don't worry, u are secure, and make it more secure. Update urself with the rights u had issued to ur users. Block all the free ports on the server except those that are used.

    U know SQL listens on port number 1433, but that is not true, as I had tested. SQL Server can listen on other port numbers also.

    Keep one thing in mind: hackers use dynamic port numbers that hit the server. So update urself with these port numbers. U can also use a proxy server, which will make ur SQL Server more secure from outside entities.

    One more thing I'd like to suggest: sometimes hackers use spam mail. If they are opened, they send information regarding ur IP address and other things, and u will never come to know about that.

    Hope u will get out of this.

    Regards,

    Killer

     
