October 12, 2012 at 12:30 am
Hi,
By default installation, SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER is having the below access to SQL Server Data folder.
Full Control
Modify
Read and Execute
List Folder Contents
Read
Write
Auditor highlight that this is a security concern and want us to revoke full control, modify, read and execute and write permission for SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER from the data folder.
Any idea what is the security risk from security standpoint?
Anyone here revoke it before? Any impact on doing it? thanks
October 12, 2012 at 5:10 am
this $ users are available in one of my server as well but i havent removed it yet.
as per me no body can access using that logins so how security issue?
experts clarify if i am wrong.
Regards
Durai Nagarajan
October 14, 2012 at 8:20 pm
Hi,
Any experts can advise?
thanks!
October 15, 2012 at 12:02 am
durai nagarajan (10/12/2012)
as per me no body can access using that logins so how security issue?
i second here , the above mentioend accesses are given by sql installation , and why any unauthorozed person will go there ,he.she should not have access to that drive too.
-------Bhuvnesh----------
I work only to learn Sql Server...though my company pays me for getting their stuff done;-)
October 15, 2012 at 1:18 am
Bhuvnesh (10/15/2012)
durai nagarajan (10/12/2012)
as per me no body can access using that logins so how security issue?i second here , the above mentioend accesses are given by sql installation , and why any unauthorozed person will go there ,he.she should not have access to that drive too.
Hi All,
I think from security point of view, the auditor doesn't want powerful privileges granted if it's not needed for SQL Server to function.
So actually wish to know what is this group and is it needed for sql server to function.
thanks
October 15, 2012 at 1:39 am
chewychewy (10/15/2012)
So actually wish to know what is this group and is it needed for sql server to function.thanks
See it this can helps you http://msdn.microsoft.com/en-us/library/ms143547(v=sql.100).aspx
-------Bhuvnesh----------
I work only to learn Sql Server...though my company pays me for getting their stuff done;-)
October 15, 2012 at 2:42 am
chewychewy (10/12/2012)
Hi,By default installation, SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER is having the below access to SQL Server Data folder.
Full Control
Modify
Read and Execute
List Folder Contents
Read
Write
Auditor highlight that this is a security concern and want us to revoke full control, modify, read and execute and write permission for SQLServer2005MSSQLuser$<INSTANCENAME>$MSSQLSERVER from the data folder.
Any idea what is the security risk from security standpoint?
Anyone here revoke it before? Any impact on doing it? thanks
This is a default local group created by the SQL Server installer, if you look in local user and group management you'll see a whole bunch of local groups created. Do not revoke permissions for this group!
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
October 15, 2012 at 4:48 am
thanks all
Viewing 8 posts - 1 through 7 (of 7 total)
You must be logged in to reply to this topic. Login to reply