December 13, 2010 at 12:43 pm
We have a stage cluster we are going through with a fine tooth comb in order to prepare for PCI compliance. One of the audits flagged the existence of NT AUTHORITY\SYSTEM. We disabled it, but lo and behold, our cluster failed to come up. I was able to bring SQL up standalone, re-enable NT AUTHORITY\SYSTEM, shut down sql, and bring up back the SQL cluster.
NT AUTHORITY\SYSTEM only seems to be running 'select @@servername' periodically, so I'm assuming the cluster is using this to verify the server is still up. We have stripped it of it's sysadmin privileges for now and there seem to be no issues. I'd like a second opinion to see if we approached this the correct way, and why the audit would have flagged this in the first place.
Thanks.
Gaby________________________________________________________________"In theory, theory and practice are the same. In practice, they are not." - Albert Einstein
September 18, 2016 at 10:51 pm
It needs connect, view server state, alter any availability group, and view any definition. No server roles other than public.
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply