November 25, 2011 at 1:52 am
I am creating a list of policy that need to enforce my environment .
One of the security requirement in the list is the SQL service account cannot exits in the local admin group.
xp_cmdshell is disable in the CMS servers. By using windows command : net localgroup Administrators , i manage to get a list of local admin account name, but how do it input this as my policy condition ?
November 28, 2011 at 2:48 am
the reason to create this policy is to ensure the sql service account is not the local admin group members.
I do some research and found WMi can use to retrieve the local administrator with below statement
ExecuteWql ('STRING', 'root\CIMV2', 'select name from win32_UserAccount where LocalAccount = ''TRUE'' and name like String(@EngineServiceAccount) ' )
However i hit the error : Invalid query (system.Management)
can anyone familiar with the syntax point out my error .
the @engineServiceAccount is one of the facet properties.
December 21, 2011 at 1:04 pm
I can recreate the issue using the "Server Installation Settings" facet. I can use the ExecuteWql function using the "Server Information" facet however @EngineServiceAccount is not a property of that facet.
What version of SQL Server are you running?
I found this bug report that was marked fixed but it does not say which build.
There are no special teachers of virtue, because virtue is taught by the whole community.
--Plato
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply