Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

data folder permission Expand / Collapse
Author
Message
Posted Friday, October 12, 2012 12:30 AM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Thursday, August 7, 2014 12:29 AM
Points: 93, Visits: 407
Hi,

By default installation, SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER is having the below access to SQL Server Data folder.

Full Control
Modify
Read and Execute
List Folder Contents
Read
Write

Auditor highlight that this is a security concern and want us to revoke full control, modify, read and execute and write permission for SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER from the data folder.

Any idea what is the security risk from security standpoint?


Anyone here revoke it before? Any impact on doing it? thanks
Post #1371906
Posted Friday, October 12, 2012 5:10 AM
Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Friday, May 30, 2014 8:15 AM
Points: 1,056, Visits: 2,687
this $ users are available in one of my server as well but i havent removed it yet.

as per me no body can access using that logins so how security issue?

experts clarify if i am wrong.


Regards
Durai Nagarajan
Post #1372029
Posted Sunday, October 14, 2012 8:20 PM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Thursday, August 7, 2014 12:29 AM
Points: 93, Visits: 407
Hi,

Any experts can advise?

thanks!
Post #1372551
Posted Monday, October 15, 2012 12:02 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Tuesday, August 19, 2014 12:26 AM
Points: 2,840, Visits: 3,963
durai nagarajan (10/12/2012)
as per me no body can access using that logins so how security issue?
i second here , the above mentioend accesses are given by sql installation , and why any unauthorozed person will go there ,he.she should not have access to that drive too.


-------Bhuvnesh----------
I work only to learn Sql Server...though my company pays me for getting their stuff done
Post #1372563
Posted Monday, October 15, 2012 1:18 AM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Thursday, August 7, 2014 12:29 AM
Points: 93, Visits: 407
Bhuvnesh (10/15/2012)
durai nagarajan (10/12/2012)
as per me no body can access using that logins so how security issue?
i second here , the above mentioend accesses are given by sql installation , and why any unauthorozed person will go there ,he.she should not have access to that drive too.


Hi All,

I think from security point of view, the auditor doesn't want powerful privileges granted if it's not needed for SQL Server to function.

So actually wish to know what is this group and is it needed for sql server to function.

thanks
Post #1372575
Posted Monday, October 15, 2012 1:39 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Tuesday, August 19, 2014 12:26 AM
Points: 2,840, Visits: 3,963
chewychewy (10/15/2012)
So actually wish to know what is this group and is it needed for sql server to function.thanks
See it this can helps you http://msdn.microsoft.com/en-us/library/ms143547(v=sql.100).aspx


-------Bhuvnesh----------
I work only to learn Sql Server...though my company pays me for getting their stuff done
Post #1372581
Posted Monday, October 15, 2012 2:42 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 3:27 PM
Points: 6,381, Visits: 13,724
chewychewy (10/12/2012)
Hi,

By default installation, SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER is having the below access to SQL Server Data folder.

Full Control
Modify
Read and Execute
List Folder Contents
Read
Write

Auditor highlight that this is a security concern and want us to revoke full control, modify, read and execute and write permission for SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER from the data folder.

Any idea what is the security risk from security standpoint?


Anyone here revoke it before? Any impact on doing it? thanks

This is a default local group created by the SQL Server installer, if you look in local user and group management you'll see a whole bunch of local groups created. Do not revoke permissions for this group!


-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs"
Post #1372596
Posted Monday, October 15, 2012 4:48 AM
SSC Journeyman

SSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC JourneymanSSC Journeyman

Group: General Forum Members
Last Login: Thursday, August 7, 2014 12:29 AM
Points: 93, Visits: 407
thanks all
Post #1372648
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse