The alternativ would be a low level domain account as action account on your
SQL machines. What do your SQL Admins say about that?
--
--
Regards
Anders Bengtsson [MCSE:Security, MCSA:Messaging] | http://www.contoso.se
"FCB DSS" <FCB...@discussions.microsoft.com> wrote in message
news:1E78F0C4-7DCE-49D3...@microsoft.com...
Everyone with admin account on the server can thinker with SQL if they want
to.
You can also use a down-level domain account, what to your SQL Admins think
about that?
---
Regards
Anders Bengtsson, MCSE:Security
http://www.contoso.se
FD> Our SQL admins say the NT\Authority/System account is a user account
FD> without a password and would allow anyone with admin rights to the
FD> server to have full access to the SQL data.
FD>
FD> "Anders Bengtsson" wrote:
FD>
Take a look in the SQL MP guide, I think there is a chapter about using a
domain account with non-admin permissions.
---
Regards
Anders Bengtsson, MCSE:Security
http://www.contoso.se
FD> Believe me the server engineers are aware of that. When you say we
FD> can use a down-level account what do you mean? We investigated
FD> using an account other than NT Authority\System but couldn't find a
FD> way to change it. How can that be done if so? That might be the
FD> answer right there.
You can download the management pack guide here, and read about it
http://www.microsoft.com/downloads/details.aspx?familyid=653D9FB9-B1C6-4702-A152-99852DCB2772&displaylang=en
---
Regards
Anders Bengtsson, MCSE:Security
http://www.contoso.se
FD> How would SQL Server need to be configured if the Builtin
FD> Administratos group has been removed and we would still want to use
FD> the SQL Management Pack?