SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Disabling NT AUTHORITY\SYSTEM vs. remove sysadmin privileges on SQL 2008 Cluster


Disabling NT AUTHORITY\SYSTEM vs. remove sysadmin privileges on SQL 2008 Cluster

Author
Message
GabyYYZ
GabyYYZ
SSCertifiable
SSCertifiable (6.5K reputation)SSCertifiable (6.5K reputation)SSCertifiable (6.5K reputation)SSCertifiable (6.5K reputation)SSCertifiable (6.5K reputation)SSCertifiable (6.5K reputation)SSCertifiable (6.5K reputation)SSCertifiable (6.5K reputation)

Group: General Forum Members
Points: 6485 Visits: 2443
We have a stage cluster we are going through with a fine tooth comb in order to prepare for PCI compliance. One of the audits flagged the existence of NT AUTHORITY\SYSTEM. We disabled it, but lo and behold, our cluster failed to come up. I was able to bring SQL up standalone, re-enable NT AUTHORITY\SYSTEM, shut down sql, and bring up back the SQL cluster.

NT AUTHORITY\SYSTEM only seems to be running 'select @@servername' periodically, so I'm assuming the cluster is using this to verify the server is still up. We have stripped it of it's sysadmin privileges for now and there seem to be no issues. I'd like a second opinion to see if we approached this the correct way, and why the audit would have flagged this in the first place.

Thanks.

Gaby
________________________________________________________________
"In theory, theory and practice are the same. In practice, they are not."
- Albert Einstein

Andy Warren
Andy Warren
SSC Guru
SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)SSC Guru (87K reputation)

Group: Moderators
Points: 87573 Visits: 2864
It needs connect, view server state, alter any availability group, and view any definition. No server roles other than public.

Andy
SQLAndy - My Blog!
Connect with me on LinkedIn
Follow me on Twitter
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum








































































































































































SQLServerCentral


Search