How do I correct SQL Server Permissions and Roles that fail MBSA scan?

Using MBSA version: 2.1.2104.0, a scan of a workstation running XP Home resulted in the failures listed below. What are the appropriate actions to rectify the results?

  SQL Server Scan Results

   Instance MSSMLBIZ

    Administrative Vulnerabilities
                               
                   Issue:  SQL Server/MSDE Security Mode
                   Score:  Check passed
                   Result: SQL Server and/or MSDE authentication mode is set to Windows Only.

                   Issue:  CmdExec role
                   Score:  Check passed
                   Result: CmdExec is restricted to sysadmin only.

                   Issue:  Registry Permissions
                   Score:  Check passed
                   Result: The Everyone group does not have more than Read access to the SQL Server and/or MSDE registry keys.

                   Issue:  Folder Permissions
                   Score:  Check failed (critical)
                   Result: Permissions on the SQL Server and/or MSDE installation folders are not set properly.
                   Detail:
                                                | Instance | Folder | User |
                                                | MSSMLBIZ | c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn | BUILTIN\Users |
                                                | MSSMLBIZ | c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn | NMATHIS\SQLServer2005MSSQLUser$NMATHIS$MSSMLBIZ |
                                                | MSSMLBIZ | c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn | \CREATOR OWNER |
                                                | MSSMLBIZ | c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data | NMATHIS\SQLServer2005MSSQLUser$NMATHIS$MSSMLBIZ |
                                                | MSSMLBIZ | c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data | NMATHIS\SQLServer2005MSSQLUser$NMATHIS$MSSMLBIZ |
                                                | MSSMLBIZ | c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data | \CREATOR OWNER |

                   Issue:  Sysadmin role members
                   Score:  Best practice
                   Result: BUILTIN\Administrators group should not be part of sysadmin role.

                   Issue:  Guest Account
                   Score:  Check passed
                   Result: The Guest account is not enabled in any of the databases.

                   Issue:  Sysadmins
                   Score:  Check failed (non-critical)
                   Result: More than 2 members of sysadmin role are present.

                   Issue:  Service Accounts
                   Score:  Unable to scan
                   Result: SQL Server, SQL Server Agent, MSDE and/or MSDE Agent service accounts should not be members of the local Administrators group or run as LocalSystem.
                   Detail:
                                                | Instance | Service | Account | Issue |
                                                | MSSMLBIZ | MSSQL$MSSMLBIZ | NT AUTHORITY\NetworkService | This is a Domain Account. Baseline Security Analyzer cannot determine whether it belongs to the Domain Admins group due to the following error:  1212 The format of the specified domain name is invalid.
. |

                   Issue:  Password Policy
                   Score:  Check failed (critical)
                   Result: Enable password expiration for the SQL server accounts.

                   Issue:  SSIS Roles
                   Score:  Check passed
                   Result: The BUILTIN Admin does not belong to the SSIS roles.

                   Issue:  Sysdtslog
                   Score:  Best practice
                   Result: Do not create sysdtslogs90 in the Master or MSDB database.It is recommended to create a seperate logging database.
Nick WolfEverything ITAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

marques_salazarCommented:
The utility tells you what action to take for each failed test.
0
Nick WolfEverything ITAuthor Commented:
While I believe you are correct marques, I am reviewing these results remotely and don't have the program and remote PC available to me. Are there any resources I could be pointed to that could help me understand and correct the specific issues referenced in my question?
0
marques_salazarCommented:
See attached....
result.txt
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.