InstantForum.NET v2.9.0SQLServerCentralhttp://www.sqlservercentral.com/Forums/notifications@sqlservercentral.comWed, 19 Jun 2013 11:26:13 GMT20http://www.sqlservercentral.com/Forums/Topic1371906-146-1.aspxthanks allMon, 15 Oct 2012 04:48:58 GMTchewychewyhttp://www.sqlservercentral.com/Forums/Topic1371906-146-1.aspx[quote][b]chewychewy (10/12/2012)[/b][hr]Hi,By default installation, SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER is having the below access to SQL Server Data folder.Full Control ModifyRead and ExecuteList Folder ContentsReadWriteAuditor highlight that this is a security concern and want us to revoke full control, modify, read and execute and write permission for SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER from the data folder.Any idea what is the security risk from security standpoint?Anyone here revoke it before? Any impact on doing it? thanks[/quote]This is a default local group created by the SQL Server installer, if you look in local user and group management you'll see a whole bunch of local groups created. Do not revoke permissions for this group!Mon, 15 Oct 2012 02:42:03 GMTPerry Whittlehttp://www.sqlservercentral.com/Forums/Topic1371906-146-1.aspx[quote][b]chewychewy (10/15/2012)[/b][hr]So actually wish to know what is this group and is it needed for sql server to function.thanks[/quote] See it this can helps you [url]http://msdn.microsoft.com/en-us/library/ms143547(v=sql.100).aspx[/url]Mon, 15 Oct 2012 01:39:02 GMTBhuvneshhttp://www.sqlservercentral.com/Forums/Topic1371906-146-1.aspx[quote][b]Bhuvnesh (10/15/2012)[/b][hr][quote][b]durai nagarajan (10/12/2012)[/b][hr]as per me no body can access using that logins so how security issue?[/quote] i second here , the above mentioend accesses are given by sql installation , and why any unauthorozed person will go there ,he.she should not have access to that drive too.[/quote]Hi All,I think from security point of view, the auditor doesn't want powerful privileges granted if it's not needed for SQL Server to function.So actually wish to know what is this group and is it needed for sql server to function.thanksMon, 15 Oct 2012 01:18:54 GMTchewychewyhttp://www.sqlservercentral.com/Forums/Topic1371906-146-1.aspx[quote][b]durai nagarajan (10/12/2012)[/b][hr]as per me no body can access using that logins so how security issue?[/quote] i second here , the above mentioend accesses are given by sql installation , and why any unauthorozed person will go there ,he.she should not have access to that drive too.Mon, 15 Oct 2012 00:02:28 GMTBhuvneshhttp://www.sqlservercentral.com/Forums/Topic1371906-146-1.aspxHi,Any experts can advise?thanks!Sun, 14 Oct 2012 20:20:57 GMTchewychewyhttp://www.sqlservercentral.com/Forums/Topic1371906-146-1.aspxthis $ users are available in one of my server as well but i havent removed it yet.as per me no body can access using that logins so how security issue?experts clarify if i am wrong.Fri, 12 Oct 2012 05:10:38 GMTdurai nagarajanhttp://www.sqlservercentral.com/Forums/Topic1371906-146-1.aspxHi,By default installation, SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER is having the below access to SQL Server Data folder.Full Control ModifyRead and ExecuteList Folder ContentsReadWriteAuditor highlight that this is a security concern and want us to revoke full control, modify, read and execute and write permission for SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER from the data folder.Any idea what is the security risk from security standpoint?Anyone here revoke it before? Any impact on doing it? thanksFri, 12 Oct 2012 00:30:51 GMTchewychewy