Solved

domain admin sysadmin

Posted on 2013-06-04
3
400 Views
Last Modified: 2013-06-20
By default in sql 2005 or 2008 is the ad domain admins group automatically a sysadmin sql account? Or not neccesarily? Reason I ask is we queried sys.syslogins and the password field is just showing as a load of boxes when I though they'd be the encrypted hashes for sql auth accts. I wondered if this is perhaps a security mechanism? To stop non sysadmins exporting the hashesIs it?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 40

Accepted Solution

by:
lcohan earned 500 total points
ID: 39219305
"By default in sql 2005 or 2008 is the ad domain admins group automatically a sysadmin sql "

As far as I'm aware - the answer is No, however they can add themselfs as they have enough authority to do it.

You could actually script and transfer logins from SQL to SQL hashed by using: "How to transfer logins and passwords between instances of SQL Server"

http://support.microsoft.com/kb/918992


Hopefully this clears somewhat your second question/concern.
0
 
LVL 3

Author Comment

by:pma111
ID: 39219321
Not really I wondered if its not showing the hash in the password column as the user is not a sysadmin ?
0
 
LVL 40

Expert Comment

by:lcohan
ID: 39219428
I suggest you take the direct approach and query the SQL sysadmin server role instead:

SELECT      Sid,
            name,
            IS_SRVROLEMEMBER('sysadmin', name)      AS      IsSysAdmin
FROM      sys.server_principals
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Recently I was talking with Tim Sharp, one of my colleagues from our Technical Account Manager team about MongoDB’s scalability. While doing some quick training with some of the Percona team, Tim brought something to my attention...
Via a live example, show how to shrink a transaction log file down to a reasonable size.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question