Solved

SQL Local System Account Privileges

Posted on 2010-11-17
Last Modified: 2012-05-10
Consider the following:

SQL server and agent services run under the local system account
A user has db_owner of all databases other than system
User has local admin rights on the box
SQL builtin\administrator has been removed
User also has SQLAgentReaderRole rights
User does not have 'sa' password

Can the user in any way initiate a job that runs as 'sa'? Also, can the user create a job that runs against the master or msdb databases?

Thanks
0
Question by:barnesco
4 Comments
 

Expert Comment

by:Vitor Montalvão
ID: 34162453
barnesco, for security reasons you shouldn't use Local System Account for SQL Server services.
Check this http://msdn.microsoft.com/en-us/library/ms191543.aspx

Cheers
0
 

Expert Comment

by:8080_Diver
ID: 34165425
If the Pkg owner is sa, then I believe that the user will have to know the sa password in order to execute the package.  That is the nature of security. ;-)  If you don't have sufficient rights, you can't do it and sa rights are a superset of the local admin rights.
0
 

Accepted Solution

by:
Marten Rune earned 500 total points
ID: 34166404
Quote: "User has local admin rights on the box"

Yes, he can do all of this with a little knowledge.

//Marten
0
 

Author Comment

by:barnesco
ID: 34166406
I know, but it's not my call.
0
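
A read-only T-SQL audit of the settings listed in the question, added here as an example and not part of the original thread. It assumes a sysadmin connection and SQL Server 2008 R2 SP1 or later (needed for sys.dm_server_services), and shows the service accounts, who holds sysadmin, who is in the msdb Agent roles, and which job steps target master or msdb:

```sql
-- Added example: read-only audit. Queries catalog views and msdb tables only.

-- 1. Accounts the engine and Agent services run under
--    (assumes SQL Server 2008 R2 SP1 or later for this DMV).
SELECT servicename, service_account
FROM sys.dm_server_services;

-- 2. Every login that holds sysadmin. Windows groups appear by group name
--    (members are not expanded); NT AUTHORITY\SYSTEM appears if still a member.
SELECT p.name, p.type_desc, p.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY p.name;

-- 3. Members of the SQL Server Agent fixed database roles in msdb.
SELECT r.name AS agent_role, m.name AS member_name
FROM msdb.sys.database_role_members AS drm
JOIN msdb.sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN msdb.sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE r.name IN (N'SQLAgentUserRole', N'SQLAgentReaderRole', N'SQLAgentOperatorRole')
ORDER BY r.name, m.name;

-- 4. Jobs with their owner, most recently modified first, flagging
--    steps whose database context is master or msdb.
SELECT j.name                   AS job_name,
       SUSER_SNAME(j.owner_sid) AS job_owner,
       j.enabled,
       j.date_modified,
       s.step_id,
       s.subsystem,
       s.database_name,
       s.database_user_name,    -- "run as user" set on a T-SQL step
       s.proxy_id,              -- proxy account used by non-T-SQL steps
       CASE WHEN s.database_name IN (N'master', N'msdb')
            THEN 1 ELSE 0 END   AS targets_system_db
FROM msdb.dbo.sysjobs AS j
JOIN msdb.dbo.sysjobsteps AS s ON s.job_id = j.job_id
ORDER BY j.date_modified DESC, j.name, s.step_id;
```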
