Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

Policy Management: BUILTIN\Administrators are sysadmin's Expand / Collapse
Author
Message
Posted Friday, April 29, 2011 12:19 PM


SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Sunday, August 10, 2014 4:15 AM
Points: 293, Visits: 816
Hi,
I'm trying to create a policy to check that the Server Roles for BUILTIN\Administrators includes sysadmin. I've not been able to locate a Server Role facet or other facet that includes a property for Server Role.

So far I've got a condition on the login facet @Name = 'builtin\administrators'. I"m using this as the target for the policy, but that big missing piece is where to check the server role.

Anyone know where the needle is?
Post #1100990
Posted Friday, April 29, 2011 1:29 PM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Friday, August 29, 2014 1:19 PM
Points: 317, Visits: 867
Take a look at this article. Though he doesn't say it, the @WindowsUsersAndGroupsInSysadminRole he talks about is in the Server Installation Settings facet. (Of course )



Colleen M. Morrow
Cleveland DBA
Post #1101031
Posted Friday, April 29, 2011 3:20 PM


SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Sunday, August 10, 2014 4:15 AM
Points: 293, Visits: 816
Thanks I actually saw that and it doesn't do what I'm trying to do.

I've tried this:
Facet: Server Installation (not mentioned in that link)
@WindowsUsersAndGroupsInSysadminRole = Array('builtin\administrators')
The array that gets returned is all users and groups in the sysadmin role so it fails.
If you have many servers with different lists of sysadmins, this won't work.
Post #1101076
Posted Friday, April 29, 2011 3:48 PM


SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Sunday, August 10, 2014 4:15 AM
Points: 293, Visits: 816
I spent most of my day figuring this out so I decided to create a blogger account:

http://jonmorisissqlblog.blogspot.com/2011/04/configure-policy-to-checks-that.html
Post #1101082
Posted Friday, April 29, 2011 3:50 PM


SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Sunday, August 10, 2014 4:15 AM
Points: 293, Visits: 816
similar posts
http://www.sqlservercentral.com/Forums/Topic947360-1292-1.aspx?Update=1
http://www.sqlservercentral.com/Forums/Topic612919-391-1.aspx?Update=1
Post #1101086
Posted Monday, May 2, 2011 9:15 AM


Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Friday, August 29, 2014 1:19 PM
Points: 317, Visits: 867
Awesome, thanks for sharing your solution!



Colleen M. Morrow
Cleveland DBA
Post #1101651
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse