Gaining access to a Windows 2003 Server through MSSQL diskadmin?

Hello all smart people!
I have a Windows 2003 Server running MS SQL 2005. On this machine there is an MS SQL account which has diskadmin rights. I was now wondering if there is any way to gain access to this machine through this account. Is this a security risk?
Of course this user can list files on the local disk, but can he/she, for example, create a new user on the local machine?
I guess it is AD that controls user access, but this information needs to be written to the filesystem at some point.

Please let me know if you need any further info.
Thanks in advance.
jide85 asked:
Jim P. commented:
Assuming that this is a SQL user id and not a domain ID:

It has ALTER RESOURCES. The best explanation I can find for it is:

The diskadmin fixed server role basically has the ability to add and remove backup devices. The list of rights is rather short:

    * Add member to diskadmin
    * DISK INIT
    * sp_addumpdevice
    * sp_diskdefault
    * sp_dropdevice

Two of these rights, DISK INIT and sp_diskdefault, are deprecated in SQL Server 2000. Books Online states support is limited in SQL Server 2000 and to consider replacing references to DISK INIT with CREATE DATABASE or ALTER DATABASE. The stored procedure sp_diskdefault has much stronger language: Removed; no longer available. Remove all references to sp_diskdefault.

Removing DISK INIT and sp_diskdefault, only sp_addumpdevice and sp_dropdevice remain. The diskadmin role can create and delete devices for database backups. However, unless a user receives permissions at the database level, the user with diskadmin role rights has no permissions to back up a database by default.

http://www.sqlservercentral.com/articles/Administering/sqlserversecurityfixedroles/1163/

diskadmin: http://msdn.microsoft.com/en-us/library/ms175949(SQL.90).aspx

Permissions of Fixed Server Roles:
http://msdn.microsoft.com/en-us/library/ms175892(SQL.90).aspx
jide85 (author) commented:
Hello jimpen.
So what you are saying is that the SQL user with diskadmin rights can in no way alter the information on the local disks. He/she has only rights to create/delete devices for backup.

Though there is a command which returns the content of a disk:
master..xp_cmdshell 'DIR D:\DBBackup\'
There is no similar command to remove a file?
Best regards
/jide
Jim P. commented:
>> master..xp_cmdshell 'DIR D:\DBBackup\'

The xp_cmdshell is a separate right. If you can do an action at a DOS prompt (DIR/DEL/RENAME/COPY/XCOPY/...) you can do it with xp_cmdshell. But the rights to that are not granted by the diskadmin server role. (Example in the code snippet.)

Now whoever has rights to xp_cmdshell is limited to the same folders/functions as the SQL Server Agent that runs the SQL Services on your server. (See the Log On As column in your Services applet.) If that userid is a local admin, they can access any folder on the server. If not, the user is limited to the SQL Server hive(s) (x:\Program Files\Microsoft SQL Server\MSSQL.#) and any other folders that the Agent has been granted rights to.
```sql
select SYSTEM_USER

exec xp_cmdshell 'dir c:\*.txt'
```

Output when run as the diskadmin-only login:

```
diskAdmin_test

(1 row(s) affected)

Msg 229, Level 14, State 5, Procedure xp_cmdshell, Line 1
The EXECUTE permission was denied on the object 'xp_cmdshell', database 'mssqlsystemresource', schema 'sys'.
```

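To make the two points in the answers above concrete (what diskadmin actually grants, and that xp_cmdshell is a separate permission that the role does not carry), here is an added audit script. It is not part of the original thread and is not Jim P.'s code. It assumes you are connected as a sysadmin to a SQL Server 2005 instance; the login name diskAdmin_test is borrowed from the snippet above, and the password is made up.

```sql
-- Added audit script (not from the thread). Assumes a sysadmin connection to SQL Server 2005.
-- The login diskAdmin_test and its password are assumptions for this example only.
USE master;
GO

-- 1. Create a throwaway SQL login and put it in diskadmin, and nothing else.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'diskAdmin_test')
    CREATE LOGIN diskAdmin_test WITH PASSWORD = N'Example!Pass123', CHECK_POLICY = OFF;
EXEC sp_addsrvrolemember @loginame = N'diskAdmin_test', @rolename = N'diskadmin';
GO

-- 2. Impersonate it and list the server-level permissions it effectively holds.
--    For a login that is only in diskadmin this is CONNECT SQL and VIEW ANY DATABASE
--    (both inherited from public) plus ALTER RESOURCES, the one right diskadmin adds.
EXECUTE AS LOGIN = N'diskAdmin_test';
SELECT SYSTEM_USER AS running_as;
SELECT permission_name
FROM   fn_my_permissions(NULL, 'SERVER')
ORDER  BY permission_name;

-- 3. Can it execute xp_cmdshell?  0 means no (this is the Msg 229 case shown above).
SELECT HAS_PERMS_BY_NAME(N'sys.xp_cmdshell', 'OBJECT', 'EXECUTE') AS can_exec_xp_cmdshell;

-- 4. Can it back up master?  Also 0: diskadmin manages backup devices, not backups.
SELECT HAS_PERMS_BY_NAME(N'master', 'DATABASE', 'BACKUP DATABASE') AS can_backup_master;
REVERT;
GO

-- 5. Separately: is xp_cmdshell even enabled, and who has been granted EXECUTE on it?
SELECT name, value_in_use FROM sys.configurations WHERE name = N'xp_cmdshell';

SELECT pr.name AS grantee, pe.permission_name, pe.state_desc
FROM   sys.database_permissions pe
JOIN   sys.database_principals pr ON pr.principal_id = pe.grantee_principal_id
WHERE  pe.class = 1                              -- OBJECT_OR_COLUMN
AND    pe.major_id = OBJECT_ID(N'sys.xp_cmdshell');

-- sysadmin members can always run it, whatever the GRANT list above says.
SELECT name AS sysadmin_member
FROM   sys.server_principals
WHERE  IS_SRVROLEMEMBER('sysadmin', name) = 1;

-- 6. Which Windows account a sysadmin's xp_cmdshell call actually runs under.
IF EXISTS (SELECT 1 FROM sys.configurations WHERE name = N'xp_cmdshell' AND value_in_use = 1)
    EXEC xp_cmdshell 'echo %USERDOMAIN%\%USERNAME%';
ELSE
    PRINT 'xp_cmdshell is disabled on this instance; nothing was executed.';
GO

-- 7. Clean up the test login.
EXEC sp_dropsrvrolemember N'diskAdmin_test', N'diskadmin';
DROP LOGIN diskAdmin_test;
GO
```

Step 5 is the check a practitioner actually wants after reading this thread: the risk is not the diskadmin membership but whether xp_cmdshell is enabled and who can call it. Note that on SQL Server 2005 a non-sysadmin who has been granted EXECUTE on xp_cmdshell does not run under the service account at all; the call runs under the proxy account configured with sp_xp_cmdshell_proxy_account, and fails if none is set. The "same folders as the service" statement therefore describes the sysadmin case.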

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jim P.Commented:
Glad to be of assistance. May all your days get brighter and brighter.