Solved

ISA logging to MSDE security

Posted on 2006-10-21
5
272 Views
Last Modified: 2013-11-16
I've been scouring the internet for an answer to this question but can't seem to find one, so I hope someone here can help. I have an ISA 2004 installation logging to a MSDE DB. This DB has 3 security accounts associated with it, BuiltIn\Administrators, NT Authoriy\Network Service and SA. I use MOM 2005 on my network and noticed an event stating that one of these accounts has a NULL or weak password. My guess is that it is talking about the SA account.

I do not remember what the password was for the SA account but my guess is that it is NULL by default and that ISA is using it for logging. I may be wrong but it's my best educated guess due to the fact that SQL liked using blank SA passwords by default and I'm usually very good about recording passwords and I can't believe I missed this one.

If I change the SA password to something complex, how do I configure ISA to use it? Does ISA 2004 even use the SA account? Could it be disabled safely?
0
Comment
Question by:mascoloj
  • 4
5 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 17782945
By default ISA has its own mechanisms when using msde and built-in controls stop the ISA msde databse being contacted from anywhere except from the isa server itsself. This is referenced in the ISA manual. The fact you are running MOM against the database at all suggests you have amended this setting and turned on the remote monitoring & logging option within the ISA System policy. You are correct; by default, the password is blank.

http://www.microsoft.com/technet/isa/2004/plan/securityhardeningguide.mspx
This is a very good link in respect to hardening the isa2004 server just for your info.

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q322336
This is useful as it explains how to change the msde password

http://forums.isaserver.org/m_190092100/tm.htm
A link to others who have had a similar requirement

Regards
Keith


0
 

Author Comment

by:mascoloj
ID: 17784092
Hey Keith,
Thanks for getting back to me. I will look over the links and let you know what happens. Just to clearify one thing though, I have MOM installed on the same server as ISA. Because of the environment I have and the way it was built - pre me, ISA is being used more as a way of restricting internet use and reporting on it with the benefit of an additional inspection of the traffic flowing through it. It is a redundant firewall at best with a primary firewall at the edge of my network.

Thanks again,
Mas
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17784104
No probs. Will wait to hear from you :)
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17828113
Any update?
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 17932205
Thank you :)
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Content Filtering 1 to 1 Peer Review 1 97
Static IP 5 88
Microsoft Advanced Firewall Isolation 6 77
Telnet IP/port - Testing for connectivity question 11 115
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question