<a href="http://g.adspeed.net/ad.php?do=clk&zid=15220&wd=468&ht=60&pair=as" target="_blank"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15220&wd=468&ht=60&pair=as" alt="i" width="468" height="60"/></a>
Log in
::
Register
::
Not logged in
Home
Tags
Articles
Editorials
Stairways
Forums
Scripts
Videos
Blogs
QotD
Books
Ask SSC
SQL Jobs
Training
Authors
About us
Contact us
Newsletters
Write for us
<a href="http://g.adspeed.net/ad.php?do=clk&zid=15491&wd=120&ht=300&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15491&wd=120&ht=300&pair=as" alt="i" width="120" height="300"/></a>
Recent Posts
Recent Posts
Popular Topics
Popular Topics
Home
Search
Members
Calendar
Who's On
Home
»
SQL Server 2005
»
Administering
»
data folder permission
data folder permission
Rate Topic
Display Mode
Topic Options
Author
Message
chewychewy
chewychewy
Posted Friday, October 12, 2012 12:30 AM
Valued Member
Group: General Forum Members
Last Login: Wednesday, May 22, 2013 9:47 PM
Points: 72,
Visits: 287
Hi,
By default installation, SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER is having the below access to SQL Server Data folder.
Full Control
Modify
Read and Execute
List Folder Contents
Read
Write
Auditor highlight that this is a security concern and want us to revoke full control, modify, read and execute and write permission for SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER from the data folder.
Any idea what is the security risk from security standpoint?
Anyone here revoke it before? Any impact on doing it? thanks
Post #1371906
durai nagarajan
durai nagarajan
Posted Friday, October 12, 2012 5:10 AM
SSC Eights!
Group: General Forum Members
Last Login: 2 days ago @ 2:05 AM
Points: 856,
Visits: 2,115
this $ users are available in one of my server as well but i havent removed it yet.
as per me no body can access using that logins so how security issue?
experts clarify if i am wrong.
Regards
Durai Nagarajan
Post #1372029
chewychewy
chewychewy
Posted Sunday, October 14, 2012 8:20 PM
Valued Member
Group: General Forum Members
Last Login: Wednesday, May 22, 2013 9:47 PM
Points: 72,
Visits: 287
Hi,
Any experts can advise?
thanks!
Post #1372551
Bhuvnesh
Bhuvnesh
Posted Monday, October 15, 2012 12:02 AM
SSCrazy
Group: General Forum Members
Last Login: Tuesday, March 26, 2013 8:41 AM
Points: 2,562,
Visits: 3,451
durai nagarajan (10/12/2012)
as per me no body can access using that logins so how security issue?
i second here , the above mentioend accesses are given by sql installation , and why any unauthorozed person will go there ,he.she should not have access to that drive too.
-------Bhuvnesh----------
While 1 = 1 (Learning SQL....)
Click to get fast response of your post
Post #1372563
chewychewy
chewychewy
Posted Monday, October 15, 2012 1:18 AM
Valued Member
Group: General Forum Members
Last Login: Wednesday, May 22, 2013 9:47 PM
Points: 72,
Visits: 287
Bhuvnesh (10/15/2012)
durai nagarajan (10/12/2012)
as per me no body can access using that logins so how security issue?
i second here , the above mentioend accesses are given by sql installation , and why any unauthorozed person will go there ,he.she should not have access to that drive too.
Hi All,
I think from security point of view, the auditor doesn't want powerful privileges granted if it's not needed for SQL Server to function.
So actually wish to know what is this group and is it needed for sql server to function.
thanks
Post #1372575
Bhuvnesh
Bhuvnesh
Posted Monday, October 15, 2012 1:39 AM
SSCrazy
Group: General Forum Members
Last Login: Tuesday, March 26, 2013 8:41 AM
Points: 2,562,
Visits: 3,451
chewychewy (10/15/2012)
So actually wish to know what is this group and is it needed for sql server to function.thanks
See it this can helps you
http://msdn.microsoft.com/en-us/library/ms143547(v=sql.100).aspx
-------Bhuvnesh----------
While 1 = 1 (Learning SQL....)
Click to get fast response of your post
Post #1372581
Perry Whittle
Perry Whittle
Posted Monday, October 15, 2012 2:42 AM
SSCertifiable
Group: General Forum Members
Last Login: Today @ 8:44 AM
Points: 5,204,
Visits: 11,165
chewychewy (10/12/2012)
Hi,
By default installation, SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER is having the below access to SQL Server Data folder.
Full Control
Modify
Read and Execute
List Folder Contents
Read
Write
Auditor highlight that this is a security concern and want us to revoke full control, modify, read and execute and write permission for SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER from the data folder.
Any idea what is the security risk from security standpoint?
Anyone here revoke it before? Any impact on doing it? thanks
This is a default local group created by the SQL Server installer, if you look in local user and group management you'll see a whole bunch of local groups created. Do not revoke permissions for this group!
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs"
Post #1372596
chewychewy
chewychewy
Posted Monday, October 15, 2012 4:48 AM
Valued Member
Group: General Forum Members
Last Login: Wednesday, May 22, 2013 9:47 PM
Points: 72,
Visits: 287
thanks all
Post #1372648
« Prev Topic
|
Next Topic »
Permissions
You
cannot
post new topics.
You
cannot
post topic replies.
You
cannot
post new polls.
You
cannot
post replies to polls.
You
cannot
edit your own topics.
You
cannot
delete your own topics.
You
cannot
edit other topics.
You
cannot
delete other topics.
You
cannot
edit your own posts.
You
cannot
edit other posts.
You
cannot
delete your own posts.
You
cannot
delete other posts.
You
cannot
post events.
You
cannot
edit your own events.
You
cannot
edit other events.
You
cannot
delete your own events.
You
cannot
delete other events.
You
cannot
send private messages.
You
cannot
send emails.
You
may
read topics.
You
cannot
rate topics.
You
cannot
vote within polls.
You
cannot
upload attachments.
You
may
download attachments.
You
cannot
post HTML code.
You
cannot
edit HTML code.
You
cannot
post IFCode.
You
cannot
post JavaScript.
You
cannot
post EmotIcons.
You
cannot
post or upload images.
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved.
Privacy Policy.
Terms of Use.
Report Abuse.
