?
Solved

domain admin sysadmin

Posted on 2013-06-04
3
Medium Priority
?
411 Views
Last Modified: 2013-06-20
By default in sql 2005 or 2008 is the ad domain admins group automatically a sysadmin sql account? Or not neccesarily? Reason I ask is we queried sys.syslogins and the password field is just showing as a load of boxes when I though they'd be the encrypted hashes for sql auth accts. I wondered if this is perhaps a security mechanism? To stop non sysadmins exporting the hashesIs it?
0
Comment
Question by:pma111
  • 2
3 Comments
 
LVL 40

Accepted Solution

by:
lcohan earned 2000 total points
ID: 39219305
"By default in sql 2005 or 2008 is the ad domain admins group automatically a sysadmin sql "

As far as I'm aware - the answer is No, however they can add themselfs as they have enough authority to do it.

You could actually script and transfer logins from SQL to SQL hashed by using: "How to transfer logins and passwords between instances of SQL Server"

http://support.microsoft.com/kb/918992


Hopefully this clears somewhat your second question/concern.
0
 
LVL 3

Author Comment

by:pma111
ID: 39219321
Not really I wondered if its not showing the hash in the password column as the user is not a sysadmin ?
0
 
LVL 40

Expert Comment

by:lcohan
ID: 39219428
I suggest you take the direct approach and query the SQL sysadmin server role instead:

SELECT      Sid,
            name,
            IS_SRVROLEMEMBER('sysadmin', name)      AS      IsSysAdmin
FROM      sys.server_principals
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Creating a Cordova application which allow user to save to/load from his Dropbox account the application database.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question