• Status: Solved

SQL Local System Account Privileges

Consider the following:

SQL server and agent services run under the local system account
A user has db_owner of all databases other than system
User has local admin rights on the box
SQL builtin\administrator has been removed
User also has SQLAgentReaderRole rights
User does not have 'sa' password

Can the user in any way initiate a job that runs as 'sa'? Also, can the user create a job that runs against the master or msdb databases?

Thanks
Asked by: barnesco

Vitor Montalvão (MSSQL Senior Engineer) commented:
barnesco, for security reasons you shouldn't use Local System Account for SQL Server services.
Check this http://msdn.microsoft.com/en-us/library/ms191543.aspx

Cheers

8080_Diver commented:
If the Pkg owner is sa, then I believe that the user will have to know the sa password in order to execute the package. That is the nature of security. ;-) If you don't have sufficient rights, you can't do it and sa rights are a superset of the local admin rights.

Marten Rune commented:
Quote: "User has local admin rights on the box"

Yes, he can do all of this with a little knowledge.

//Marten

barnesco (author) commented:
I know, but it's not my call.
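
For anyone auditing a server set up the way the question describes, the T-SQL below is an added example (not posted by anyone in this thread) that reports the service accounts, sysadmin membership, SQL Agent role membership in msdb, and any job steps that target master or msdb. It assumes a SQL Server version that provides sys.dm_server_services and a login allowed to read server state and msdb; the 'LocalSystem' / 'NT AUTHORITY\SYSTEM' strings are assumed spellings of how the account is reported.

```sql
-- Added audit example, not from the thread. Read-only queries.

-- 1. Accounts the engine and Agent services run under; flag Local System.
--    (Assumption: Local System is reported as one of the two strings below.)
SELECT servicename,
       service_account,
       CASE WHEN service_account IN (N'LocalSystem', N'NT AUTHORITY\SYSTEM')
            THEN 'review: runs as Local System' ELSE '' END AS finding
FROM sys.dm_server_services;

-- 2. Every member of the sysadmin fixed server role, to confirm what is
--    left after BUILTIN\Administrators was removed.
SELECT m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.name;

-- 3. Members of the SQL Agent fixed database roles in msdb
--    (SQLAgentReaderRole is the one named in the question).
SELECT r.name AS agent_role, m.name AS member_name
FROM msdb.sys.database_role_members AS rm
JOIN msdb.sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN msdb.sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'SQLAgentUserRole', N'SQLAgentReaderRole', N'SQLAgentOperatorRole')
ORDER BY r.name, m.name;

-- 4. Job steps that target master or msdb, with the job owner and whether
--    that owner is a sysadmin (1 = yes, 0 = no, NULL = login not resolvable).
SELECT j.name AS job_name,
       SUSER_SNAME(j.owner_sid) AS job_owner,
       IS_SRVROLEMEMBER('sysadmin', SUSER_SNAME(j.owner_sid)) AS owner_is_sysadmin,
       s.step_id,
       s.subsystem,
       s.database_name
FROM msdb.dbo.sysjobs AS j
JOIN msdb.dbo.sysjobsteps AS s ON s.job_id = j.job_id
WHERE s.database_name IN (N'master', N'msdb')
ORDER BY j.name, s.step_id;
```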