SQL Server 2005 删除Windows 管理员"BUILTIN/Administrators"
来源:互联网 发布:angularjs实战 源码 编辑:程序博客网 时间:2024/05/16 07:43
SQL Server 2005 上禁用Windows系统管理员,禁用Windows身份认证。
http://support.microsoft.com/kb/932881/en-us/
Microsoft SQL Server 2005 安装程序创建一个您安装的每个服务的本地 Windows 组。 SQL Server 2005 安装程序将为每个服务服务帐户添加到其各自的组。 SQL Server 故障转移群集安装的 Windows 域组使用相同的方式。 由域管理员身份运行 SQL Server 2005 安装程序之前,必须创建这些域的组。 所有 Windows NT 权限和所需的特定服务的权限由系统访问控制列表 (SACL) 为每个 Windows 组都添加。域管理员不授予直接给服务帐户的权限。
此外,SQL Server 2005、 SQL Server 代理和 BUILTIN/Administrators 组创建的 Windows 组被授予 SQL Server 2005 SYSADMIN 固定的服务器角色中提供的 SQL Server 2005 登录。 此配置使是通过使用 Windows NT 身份验证连接登录到 SQL Server 2005 这些组的成员的任何帐户。 因为用户具有 SQL Server SYSADMIN 固定的服务器角色中的组成员身份,用户登录到 SQL Server 2005 作为 SQL Server 2005 系统管理员。(用户已登录通过使用 sa 帐户)。 不受然后,用户都有限制的访问到 SQL Server 2005 安装,并对其数据。 此外,任何用户都知道的 SQL Server 2005 实例或 SQL Server 代理服务帐户密码可以使用服务帐户登录到计算机上。然后,用户可以对 Windows NT 身份验证的连接 SQL Server 2005 作为 SQL Server 管理员。
此外将在您创建的 SQL Server 2005 报告服务 (SSRS) 和全文本搜索服务的 Windows 组被授予 SQL Server 登录名。 但是,不是报表服务和全文本搜索服务中 SYSADMIN 固定的服务器角色设置。
某些 SQL Server 2005 管理员需功能的角色和操作系统的系统管理员联系,以进行严格地分隔的数据库管理员联系。 这些管理员想要 SQL Server 2005 防止不需要由操作系统的系统管理员的访问。
The Microsoft SQL Server 2005 Setup program creates a local Windows group for each service that you install. The SQL Server 2005 Setup program adds the service account for each service to its respective group. For a SQL Server failover cluster installation, Windows domain groups are used in the same manner. These domain groups must be created by a domain administrator before you run the SQL Server 2005 Setup program. All the Windows NT rights and permissions that are required by a specific service are added by the system access control list (SACL) to each Windows group. The domain administrator does not grant permissions directly to the service account.
In addition, the Windows groups that you created for SQL Server 2005, for SQL Server Agent, and for the BUILTIN/Administrators group are granted SQL Server 2005 logins that are provisioned in the SQL Server 2005 SYSADMIN fixed server role. This configuration makes it possible for any account that is a member of these groups to log on to SQL Server 2005 by using a Windows NT authenticated connection. Because the user has a group membership in the SQL Server SYSADMIN fixed server role, the user is logged into SQL Server 2005 as a SQL Server 2005 systems administrator. (The user is logged in by using the sa account). Then, the user has unrestricted access to the SQL Server 2005 installation and to its data. Also, any user who knows the password for the instance of SQL Server 2005 or for the SQL Server Agent service account can use the service account to log on to the computer. Then, the user can make a Windows NT authenticated connection to SQL Server 2005 as a SQL Server administrator.
The Windows groups that you created for SQL Server 2005 Reporting Services (SSRS) and for the full-text search service are also granted SQL Server logins. However, Reporting Services and the full-text search service are not provisioned in the SYSADMIN fixed server role.
Some SQL Server 2005 administrators want the functional roles of the database administrator and of the operating system administrator to be strictly separated. These administrators want to protect SQL Server 2005 against unwanted access by the operating system administrator.
如何对操作系统的系统管理员 SQL Server 2005 更难进行不需要的访问
Also, if SQL Server 2005 is started in single-user mode, any user who has membership in the BUILTIN/Administrators group can connect to SQL Server 2005 as a SQL Server administrator. The user can connect regardless of whether the BUILTIN/Administrators group has been granted a server login that is provisioned in the SYSADMIN fixed server role. This behavior is by design. This behavior is intended to be used for data recovery scenarios.
For more information about security best practices for SQL Server 2005, see the "Security Considerations for a SQL Server Installation" topic in SQL Server 2005 Books Online.
- SQL Server 2005 删除Windows 管理员"BUILTIN/Administrators"
- SQL Server 禁用Windows 管理员"BUILTIN/Administrators"
- 解析 SQL Server的BUILTIN/Administrators用户
- SQL Server 的BUILTIN\\Administrators用户
- SQL 2008,忘记SA密码,又删除了sysadmin中删除了builtin\Administrators帐号
- MSSqlserver 恢复sa密码及 删除builtin\administrators后恢复
- WINDOWS SERVER 2003的管理员Administrators的密码忘记,怎样去掉密码
- SQL Server 2005 管理员概述
- MSSQL数据库的BUILTIN/Administrators到底是什么?
- SQLAGENT无法启动--BUILTIN/Administrators账号问题
- SQL server 2008删除管理员账户恢复办法
- Builtin/administrators 与 Domain Admins 用户组的来历与区别
- Builtin/administrators 与 Domain Admins 用户组的来历与区别
- sql server添加数据库管理员
- Builtin\administrators 与 Builtin\Domain Admins 用户组的来历与区别
- Sql Server 2005 专用管理员连接 (DAC) 使用技巧
- 买《细说PHP》赠送《SQL Server 2005管理员大全》
- [SQL Server 2005/2008]专用管理员连接(DAC)
- *****************押宝裆的不进来看看?**********************[
- 代码中有时候类和方法上面带[]的是什么意思
- 类型修饰符(type specifier)
- 高德纳
- 一天
- SQL Server 2005 删除Windows 管理员"BUILTIN/Administrators"
- asn.net 中使用ajax问题
- C/C++ 中“printf”函数源码
- x264命令行参数解释
- 今天开通了
- 破解linux用户root密码
- 关于js 里面调用后台方法
- 关于蘑菇
- Windows系统默认的SID 值