Results 1 to 4 of 4
  1. #1
    Join Date
    Jul 2003
    Location
    Australia
    Posts
    217

    Unanswered: SQL Server 2005 Security

    (1) To prevent unauthorised database access, is it ADEQUATE to delete / disable the BuiltIn\Administrator login and the guest (database) user ?

    (2) How can I delete / disable the BuiltIn\Administrator login
    in SQL Server 2005 Express ? It didn't allow me to disable or delete it.

    (3) How can I delete / disable the guest (database) user
    in SQL Server 2005 Express ? It didn't allow me to disable or delete it.

  2. #2
    Join Date
    Mar 2007
    Location
    Holmestrand, Norway
    Posts
    332
    The answer to your scenario is quite simple: Guests are by default denied rights to log in, and if you do not trust the Administrators of the server then you should move the database to a server where you do trust the administrators, since there is almost no way of preventing administrators access to the data/database anyway.
    Ole Kristian Velstadbråten Bangås - Virinco - MSSQL.no - Facebook - Twitter

  3. #3
    Join Date
    Jul 2003
    Location
    Australia
    Posts
    217

    Question Are you sure ?

    Are you sure ??

    I thought guest HAVE access rights by default, that's the case in SQL Server 2000 -- when there is a guest user in any database, ANY login can access that database.

    I need to disable/delete the BuiltIn\Administrator login because, when it exists, anybody'd be able to login to SQL Server under WINDOWS authentication mode. And then they can go into MS Access and access SQL server data under WINDOWS authentication mode. They can even MODIFY the tables.

    Do you see my point ? I want to implement SQL authentication mode.

  4. #4
    Join Date
    Mar 2007
    Location
    Holmestrand, Norway
    Posts
    332
    Quote Originally Posted by Lepanto
    Are you sure ??

    I thought guest HAVE access rights by default, that's the case in SQL Server 2000 -- when there is a guest user in any database, ANY login can access that database.

    I need to disable/delete the BuiltIn\Administrator login because, when it exists, anybody'd be able to login to SQL Server under WINDOWS authentication mode. And then they can go into MS Access and access SQL server data under WINDOWS authentication mode. They can even MODIFY the tables.

    Do you see my point ? I want to implement SQL authentication mode.
    I'm pretty sure about the Guest account and SQL Server 2005, yes. What you tell me about administrator tells me that you have serious issues in your network. If anybody have full access due to BuiltIn\Administrators, that mean everybody is administrator. THAT is something you should do something about, not the Administrators right to logon to the database server. If anybody can log on as an administrator, that basically means that anybody can get the data out of your database, or even ruin the server at any point, which is a far more serious threat than their administrative rights on the SQL Server.

    You should solve the real issue.
    Ole Kristian Velstadbråten Bangås - Virinco - MSSQL.no - Facebook - Twitter

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •