Solved

SQL Local System Account Privledges

Posted on 2010-11-17
4
257 Views
Last Modified: 2012-05-10
Consider the following:

SQL server and agent services run under the local system account
A user has db_owner of all databases other than system
User has local admin rights on the box
SQL builtin\administrator has been removed
User also has SQLAgentReaderRole rights
User does not have 'sa' password

Can the user in any way initiate a job that runs as 'sa'? Also, can the user create a job that runs against the master or msdb databases?

Thanks
0
Comment
Question by:barnesco
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 50

Expert Comment

by:Vitor Montalvão
ID: 34162453
barnesco, for security reasons you shouldn't use Local System Account for SQL Server services.
Check this http://msdn.microsoft.com/en-us/library/ms191543.aspx

Cheers
0
 
LVL 22

Expert Comment

by:8080_Diver
ID: 34165425
If the Pkg owner is sa, then I believe that the user will have to know the sa password in order to execute the package.  That is the nature of sceurity. ;-)  If you don't have sufficient rights, you can't do it and sa rights are a super set of the local admin rights.
0
 
LVL 20

Accepted Solution

by:
Marten Rune earned 500 total points
ID: 34166404
Quote: "User has local admin rights on the box"

Yes he can do all of this with a little knowledge.

//Marten
0
 

Author Comment

by:barnesco
ID: 34166406
I know, but it's not my call.
0

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

JSON is being used more and more, besides XML, and you surely wanted to parse the data out into SQL instead of doing it in some Javascript. The below function in SQL Server can do the job for you, returning a quick table with the parsed data.
Recently we ran in to an issue while running some SQL jobs where we were trying to process the cubes.  We got an error saying failure stating 'NT SERVICE\SQLSERVERAGENT does not have access to Analysis Services. So this is a way to automate that wit…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question