Hi Folks,
We have some inhouse applications developed using microsoft technologies
like C#.net,asp.net and sql server 2000 and we have third party applicatio
ns
using sql server 2000.
In all our sql servers we configured as below.
we created domain level user accounts(service accounts) like SA_Server1.
we made that SA_server1 as member of local administrator group on the
server where SQLserver2000 software got installed.
we are using SA_server1 account to run mssqlserver service (windows
service).
All our proudction sql server are windows clusters with 2 nodes.
we have mixed mode authentication. And all users in Builtin/Administrators
group are sql users.
Using that domain level service account (SA_Server1) credentials,we can
login to that particualr sql server locally to check everything is working
fine.
Everything is working fine.
Recently Sarbanes-Oxley Audit conducted in our company.
One of the questions they asked is as given below.
1.why Interactive log-in is turned ON for that mssqlservice accounts? (for
SA_Server1) ?
They don't want any one to login to that server locally using that domain
account credentials.
2.Why builtin/administrators are part of sql users?
How can we prevent anyone logging in to that sql server locally using that
service account credentials?
we will be giving that credentials for the 2,3 administrative people only.
But we don't want them also to login to that server locally using service
account credentials.
They should login to that server using their own windows accounts.
How can we turn OFF that interactive log-on?
is it in group policy or local policy or Active directory member profile?
What are the best security practices for sql server 2000 configuration
mainly with service accounts?
Any kind of help is greatly appreciated.
--KumarDeny Logon locally right to the account used to start sql server services is
recommended to prevent someone from using sql server service account to logi
n
to the sql server.
Hope this hepls
"Kumar" wrote:
> Hi Folks,
> We have some inhouse applications developed using microsoft technologies
> like C#.net,asp.net and sql server 2000 and we have third party applicat
ions
> using sql server 2000.
> In all our sql servers we configured as below.
> we created domain level user accounts(service accounts) like SA_Server1.
> we made that SA_server1 as member of local administrator group on the
> server where SQLserver2000 software got installed.
> we are using SA_server1 account to run mssqlserver service (windows
> service).
> All our proudction sql server are windows clusters with 2 nodes.
> we have mixed mode authentication. And all users in Builtin/Administrators
> group are sql users.
> Using that domain level service account (SA_Server1) credentials,we can
> login to that particualr sql server locally to check everything is working
> fine.
> Everything is working fine.
>
> Recently Sarbanes-Oxley Audit conducted in our company.
> One of the questions they asked is as given below.
> 1.why Interactive log-in is turned ON for that mssqlservice accounts? (fo
r
> SA_Server1) ?
> They don't want any one to login to that server locally using that doma
in
> account credentials.
> 2.Why builtin/administrators are part of sql users?
>
> How can we prevent anyone logging in to that sql server locally using that
> service account credentials?
> we will be giving that credentials for the 2,3 administrative people only
.
> But we don't want them also to login to that server locally using service
> account credentials.
> They should login to that server using their own windows accounts.
>
> How can we turn OFF that interactive log-on?
> is it in group policy or local policy or Active directory member profile
?
>
> What are the best security practices for sql server 2000 configuration
> mainly with service accounts?
>
>
> Any kind of help is greatly appreciated.
>
> --Kumar
>
Showing posts with label folks. Show all posts
Showing posts with label folks. Show all posts
Wednesday, March 28, 2012
MSSQ server service (widnows service) account configuration --
Hi Folks,
We have some inhouse applications developed using microsoft technologies
like C#.net,asp.net and sql server 2000 and we have third party applications
using sql server 2000.
In all our sql servers we configured as below.
we created domain level user accounts(service accounts) like SA_Server1.
we made that SA_server1 as member of local administrator group on the
server where SQLserver2000 software got installed.
we are using SA_server1 account to run mssqlserver service (windows
service).
All our proudction sql server are windows clusters with 2 nodes.
we have mixed mode authentication. And all users in Builtin/Administrators
group are sql users.
Using that domain level service account (SA_Server1) credentials,we can
login to that particualr sql server locally to check everything is working
fine.
Everything is working fine.
Recently Sarbanes-Oxley Audit conducted in our company.
One of the questions they asked is as given below.
1.why Interactive log-in is turned ON for that mssqlservice accounts? (for
SA_Server1) ?
They don't want any one to login to that server locally using that domain
account credentials.
2.Why builtin/administrators are part of sql users?
How can we prevent anyone logging in to that sql server locally using that
service account credentials?
we will be giving that credentials for the 2,3 administrative people only.
But we don't want them also to login to that server locally using service
account credentials.
They should login to that server using their own windows accounts.
How can we turn OFF that interactive log-on?
is it in group policy or local policy or Active directory member profile?
What are the best security practices for sql server 2000 configuration
mainly with service accounts?
Any kind of help is greatly appreciated.
--KumarDeny Logon locally right to the account used to start sql server services is
recommended to prevent someone from using sql server service account to login
to the sql server.
Hope this hepls
"Kumar" wrote:
> Hi Folks,
> We have some inhouse applications developed using microsoft technologies
> like C#.net,asp.net and sql server 2000 and we have third party applications
> using sql server 2000.
> In all our sql servers we configured as below.
> we created domain level user accounts(service accounts) like SA_Server1.
> we made that SA_server1 as member of local administrator group on the
> server where SQLserver2000 software got installed.
> we are using SA_server1 account to run mssqlserver service (windows
> service).
> All our proudction sql server are windows clusters with 2 nodes.
> we have mixed mode authentication. And all users in Builtin/Administrators
> group are sql users.
> Using that domain level service account (SA_Server1) credentials,we can
> login to that particualr sql server locally to check everything is working
> fine.
> Everything is working fine.
>
> Recently Sarbanes-Oxley Audit conducted in our company.
> One of the questions they asked is as given below.
> 1.why Interactive log-in is turned ON for that mssqlservice accounts? (for
> SA_Server1) ?
> They don't want any one to login to that server locally using that domain
> account credentials.
> 2.Why builtin/administrators are part of sql users?
>
> How can we prevent anyone logging in to that sql server locally using that
> service account credentials?
> we will be giving that credentials for the 2,3 administrative people only.
> But we don't want them also to login to that server locally using service
> account credentials.
> They should login to that server using their own windows accounts.
>
> How can we turn OFF that interactive log-on?
> is it in group policy or local policy or Active directory member profile?
>
> What are the best security practices for sql server 2000 configuration
> mainly with service accounts?
>
>
> Any kind of help is greatly appreciated.
>
> --Kumar
>
We have some inhouse applications developed using microsoft technologies
like C#.net,asp.net and sql server 2000 and we have third party applications
using sql server 2000.
In all our sql servers we configured as below.
we created domain level user accounts(service accounts) like SA_Server1.
we made that SA_server1 as member of local administrator group on the
server where SQLserver2000 software got installed.
we are using SA_server1 account to run mssqlserver service (windows
service).
All our proudction sql server are windows clusters with 2 nodes.
we have mixed mode authentication. And all users in Builtin/Administrators
group are sql users.
Using that domain level service account (SA_Server1) credentials,we can
login to that particualr sql server locally to check everything is working
fine.
Everything is working fine.
Recently Sarbanes-Oxley Audit conducted in our company.
One of the questions they asked is as given below.
1.why Interactive log-in is turned ON for that mssqlservice accounts? (for
SA_Server1) ?
They don't want any one to login to that server locally using that domain
account credentials.
2.Why builtin/administrators are part of sql users?
How can we prevent anyone logging in to that sql server locally using that
service account credentials?
we will be giving that credentials for the 2,3 administrative people only.
But we don't want them also to login to that server locally using service
account credentials.
They should login to that server using their own windows accounts.
How can we turn OFF that interactive log-on?
is it in group policy or local policy or Active directory member profile?
What are the best security practices for sql server 2000 configuration
mainly with service accounts?
Any kind of help is greatly appreciated.
--KumarDeny Logon locally right to the account used to start sql server services is
recommended to prevent someone from using sql server service account to login
to the sql server.
Hope this hepls
"Kumar" wrote:
> Hi Folks,
> We have some inhouse applications developed using microsoft technologies
> like C#.net,asp.net and sql server 2000 and we have third party applications
> using sql server 2000.
> In all our sql servers we configured as below.
> we created domain level user accounts(service accounts) like SA_Server1.
> we made that SA_server1 as member of local administrator group on the
> server where SQLserver2000 software got installed.
> we are using SA_server1 account to run mssqlserver service (windows
> service).
> All our proudction sql server are windows clusters with 2 nodes.
> we have mixed mode authentication. And all users in Builtin/Administrators
> group are sql users.
> Using that domain level service account (SA_Server1) credentials,we can
> login to that particualr sql server locally to check everything is working
> fine.
> Everything is working fine.
>
> Recently Sarbanes-Oxley Audit conducted in our company.
> One of the questions they asked is as given below.
> 1.why Interactive log-in is turned ON for that mssqlservice accounts? (for
> SA_Server1) ?
> They don't want any one to login to that server locally using that domain
> account credentials.
> 2.Why builtin/administrators are part of sql users?
>
> How can we prevent anyone logging in to that sql server locally using that
> service account credentials?
> we will be giving that credentials for the 2,3 administrative people only.
> But we don't want them also to login to that server locally using service
> account credentials.
> They should login to that server using their own windows accounts.
>
> How can we turn OFF that interactive log-on?
> is it in group policy or local policy or Active directory member profile?
>
> What are the best security practices for sql server 2000 configuration
> mainly with service accounts?
>
>
> Any kind of help is greatly appreciated.
>
> --Kumar
>
Monday, March 12, 2012
Msg 3710, Level 16, State 1, Line 1
Hello Folks,
I am moving the model & Msdb databases to a different location and I have this error.
Thanks
Msg 3710, Level 16, State 1, Line 1
Cannot detach an opened database when the server is in minimally configured mode.
I was able to fix it, I used an ALTER DATABASE statement.
Thanks for the time.
|||What command are you using...the Alter DB stmt only works with TEMPDB...I thought? I am getting "Cannot detach an opened database when the server is in minimally configured mode." as well. I set the trace flag -T3608 and I get the message when I exec sp_detach_db 'msdb'
|||I was able to resolve this error by restarting SQL ServerMsg 3710, Level 16, State 1, Line 1
Hello Folks,
I am moving the model & Msdb databases to a different location and I have this error.
Thanks
Msg 3710, Level 16, State 1, Line 1
Cannot detach an opened database when the server is in minimally configured mode.
I was able to fix it, I used an ALTER DATABASE statement.
Thanks for the time.
|||What command are you using...the Alter DB stmt only works with TEMPDB...I thought? I am getting "Cannot detach an opened database when the server is in minimally configured mode." as well. I set the trace flag -T3608 and I get the message when I exec sp_detach_db 'msdb'
|||I was able to resolve this error by restarting SQL Server|||Mkae sure to set the SQL server Service to Automatic mode and restart the SQL Server Service resolved my problem.
Subscribe to:
Posts (Atom)