Enterprise Manager Security

  • Hello, all,

    The most recent threads in this discussion are extremely relevant to something I discovered to my shock and horror this morning. I installed a .NET application on a user's machine, and installed MDAC 2.71 and the .NET Framework 1.0 as part of prepping the PC. I was logged on as the local box's Administrator.

    I then ran the app, fully expecting to get a run-time error when the first screen appeared. Much to my dismay, I was able to bring up any data entry screen I chose. (I did not try to add or update data because it was too early in the morning for me to have a coronary.)

    I have our MS SQL Server security set for Windows only, so, at first, I was puzzled as to why a local Administrator account was able to get access to the db on my machine. I then looked over the list of Windows accounts and I discovered the "BUILTIN\Administrators" group. With much trepidation, I removed this group, and then tried the app again, logged on as Administrator to the user's PC (not the network).

    On this second try, the application raised an exception, which, granted, was ugly, but at least I felt that the data was now protected to a greater extent than it had been.

    Here's my question: if I am using Windows-only security, how is it possible that a *local* admin account on another box can get access to my MS SQL Server database via BUILTIN\Administrators? To my way of thinking, BUILTIN\Administrators implies Domain Admins and Administrators in our domain, and leaves 'local box' Administrators out in the cold. Am I wrong?

    Is this by design? Please advise.

    Thank you,

    Regards,

    Matthew P. Seltzer

  • Do the passwords between the two local administrator accounts match? In other words, if on box A the password is MyPassword!, on box B the password would be MyPassword! as well.

    K. Brian Kelley

    http://www.truthsolutions.com/

    Author: Start to Finish Guide to SQL Server Performance Monitoring

    http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1