Wednesday, March 21, 2012

MBSA "Identity"

My Windows login is a domain administrator. I run MBSA and ask it to scan only my computer. I have removed Builtin\administrators from the sysadmin role in my SQL Server 2000 installation. The login is still there. MBSA is still able to get into my SQL Server and report that there is a guest user in Northwind and Pubs. It does not, however, report on the logins with weak passwords, which it did when Builtin\Administrators was a member of sysadmins. This leads me to believe that it does use the BuiltIn\Administrators login to access the SQL Server. Is this correct?

Thanks,
Sharon

I've been looking for an answer to your question. I'll post back when I get one.

Thanks

Laurentiu


MBSA connects with the user credentials and the analysis it can do will depend on the user rights. If you connect to the server through the Builtin\Administrators group login and not some dedicated login, and if you removed this login from the sysadmin group, then MBSA will perform the checks as a non-privileged principal.

Thanks

Laurentiu


Thanks. That's what I determined from my testing and I am glad to have it confirmed.

Sharon
