Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Security question regarding MOM 2005 and SQL 2000

0 views
Skip to first unread message

FCB DSS

unread,
May 1, 2007, 6:17:00 PM5/1/07
to
I would like to hear from as many of you as possible how you are managing a
SQL Server 2000 environment using MOM? For those of you where the DBA and
server administration is on seperate teams how do your DBA's feel about the
NT Authority\System account needing access in order to monitor and collect
data through the SQL Managment Pack? Were there security issues when this
was brought up? Has anyone found a workound other than simply not monitoring
SQL Server? We here have this delima where our DBA's will not allow the NT
Authority\System account access within SQL Server to run the SQL Management
Pack because of security risks. The perception is it is a Systems
Administration account which essentially allows anyone with Local Admin
privalges full access to all data with a database. If anyone has any
links/information to pass along that explains exactly what the NT
Authority\System account is and what's roles/permissiosn are that would be
wonderful. Thanks for your help from a very FRUSTRATED server engineer!!!!

Anders Bengtsson

unread,
May 2, 2007, 12:21:04 AM5/2/07
to
Hi

The alternativ would be a low level domain account as action account on your
SQL machines. What do your SQL Admins say about that?

--
--

Regards
Anders Bengtsson [MCSE:Security, MCSA:Messaging] | http://www.contoso.se

"FCB DSS" <FCB...@discussions.microsoft.com> wrote in message
news:1E78F0C4-7DCE-49D3...@microsoft.com...

FCB DSS

unread,
May 2, 2007, 8:11:03 AM5/2/07
to
Our SQL admins say the NT\Authority/System account is a user account without
a password and would allow anyone with admin rights to the server to have
full access to the SQL data.

Anders Bengtsson

unread,
May 2, 2007, 8:38:33 AM5/2/07
to
Hi FCB,

Everyone with admin account on the server can thinker with SQL if they want
to.
You can also use a down-level domain account, what to your SQL Admins think
about that?

---
Regards
Anders Bengtsson, MCSE:Security
http://www.contoso.se

FD> Our SQL admins say the NT\Authority/System account is a user account
FD> without a password and would allow anyone with admin rights to the
FD> server to have full access to the SQL data.
FD>
FD> "Anders Bengtsson" wrote:
FD>

FCB DSS

unread,
May 2, 2007, 8:47:02 AM5/2/07
to
Believe me the server engineers are aware of that. When you say we can use a
down-level account what do you mean? We investigated using an account other
than NT Authority\System but couldn't find a way to change it. How can that
be done if so? That might be the answer right there.

Anders Bengtsson

unread,
May 2, 2007, 9:53:09 AM5/2/07
to
Hi FCB,

Take a look in the SQL MP guide, I think there is a chapter about using a
domain account with non-admin permissions.

---
Regards
Anders Bengtsson, MCSE:Security
http://www.contoso.se

FD> Believe me the server engineers are aware of that. When you say we
FD> can use a down-level account what do you mean? We investigated
FD> using an account other than NT Authority\System but couldn't find a
FD> way to change it. How can that be done if so? That might be the
FD> answer right there.

FCB DSS

unread,
May 2, 2007, 10:18:03 AM5/2/07
to
How would SQL Server need to be configured if the Builtin Administratos group
has been removed and we would still want to use the SQL Management Pack?

Anders Bengtsson

unread,
May 2, 2007, 3:27:32 PM5/2/07
to
Hi FCB,

You can download the management pack guide here, and read about it
http://www.microsoft.com/downloads/details.aspx?familyid=653D9FB9-B1C6-4702-A152-99852DCB2772&displaylang=en

---
Regards
Anders Bengtsson, MCSE:Security
http://www.contoso.se

FD> How would SQL Server need to be configured if the Builtin
FD> Administratos group has been removed and we would still want to use
FD> the SQL Management Pack?

0 new messages