Solved

domain admin sysadmin

Posted on 2013-06-04
3
404 Views
Last Modified: 2013-06-20
By default in sql 2005 or 2008 is the ad domain admins group automatically a sysadmin sql account? Or not neccesarily? Reason I ask is we queried sys.syslogins and the password field is just showing as a load of boxes when I though they'd be the encrypted hashes for sql auth accts. I wondered if this is perhaps a security mechanism? To stop non sysadmins exporting the hashesIs it?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 40

Accepted Solution

by:
lcohan earned 500 total points
ID: 39219305
"By default in sql 2005 or 2008 is the ad domain admins group automatically a sysadmin sql "

As far as I'm aware - the answer is No, however they can add themselfs as they have enough authority to do it.

You could actually script and transfer logins from SQL to SQL hashed by using: "How to transfer logins and passwords between instances of SQL Server"

http://support.microsoft.com/kb/918992


Hopefully this clears somewhat your second question/concern.
0
 
LVL 3

Author Comment

by:pma111
ID: 39219321
Not really I wondered if its not showing the hash in the password column as the user is not a sysadmin ?
0
 
LVL 40

Expert Comment

by:lcohan
ID: 39219428
I suggest you take the direct approach and query the SQL sysadmin server role instead:

SELECT      Sid,
            name,
            IS_SRVROLEMEMBER('sysadmin', name)      AS      IsSysAdmin
FROM      sys.server_principals
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What if you have to shut down the entire Citrix infrastructure for hardware maintenance, software upgrades or "the unknown"? I developed this plan for "the unknown" and hope that it helps you as well. This article explains how to properly shut down …
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question