Gaining access to a Windows 2003 Server through MSSQL diskadmin?
Posted on 2009-02-12
Hello all smart people!
I have a Windows 2003 Server running MS SQL 2005. To this machine there is an MS SQL account which has the diskadmin rights. I was now wondering, if there is any way to gain access to this machine through this account? Is this a security risk?
Ofcourse this user can list file on the local disk, but can he/she for example create a new user on the local machine?
I guess it is the AD that controls user access, but this information need to be written to the filesystem at some moment.
Please let me know if you need any further info.
Thanks in advance.