Remove BUILTIN\Administrators from SQL 2005

We have a server shared by two project teams. To tight the security, I want to remove BUILTIN\Administrators off the public and sysadmin server roles. My question: any thing I should pay special attention ? I use LocalSystem to start all SQL Service. I know this is not a very good pratice yet I have no choice as our company network is a mixed of windows and novell, we do not have AD.

Make sure that you have a sysadmin left after removing builtin\administrators. I have seen sql servers in integrated mode where someone removed builtin\administrators and then nobody could administer the server.

Local System is very powerful. Any code executed by SQL Server can change anything on the windows box so if you are running untrusted code inside SQL Server you need to be aware of that fact and the potential threat it represents.

to remove builtin\administraotrs

exec sp_dropsrvrolemember [BUILTIN\Administrators] , sysadmin

go

drop login [BUILTIN\Administrators]

go

hth,

-Steven Gott

S/DET

SQL Server

|||

Hi,

What about NT AUTHORITY\System account?

Is it needed?

Regards,

Jeremy

|||

Some management tools may be using it (for example MOM).

-Raul Garcia

SDE/T

SQL Server Engine

Remove BUILTIN\Administrators from SQL 2005

We have a server shared by two project teams. To tight the security, I want to remove BUILTIN\Administrators off the public and sysadmin server roles. My question: any thing I should pay special attention ? I use LocalSystem to start all SQL Service. I know this is not a very good pratice yet I have no choice as our company network is a mixed of windows and novell, we do not have AD.

Make sure that you have a sysadmin left after removing builtin\administrators. I have seen sql servers in integrated mode where someone removed builtin\administrators and then nobody could administer the server.

Local System is very powerful. Any code executed by SQL Server can change anything on the windows box so if you are running untrusted code inside SQL Server you need to be aware of that fact and the potential threat it represents.

to remove builtin\administraotrs

exec sp_dropsrvrolemember [BUILTIN\Administrators] , sysadmin

go

drop login [BUILTIN\Administrators]

go

hth,

-Steven Gott

S/DET

SQL Server

|||

Hi,

What about NT AUTHORITY\System account?

Is it needed?

Regards,

Jeremy

|||

Some management tools may be using it (for example MOM).

-Raul Garcia

SDE/T

SQL Server Engine

Remote Process of Report

Hi,

We have a reports running in a system in our internal network. Now our requirement is we have to publish the same report into web for the public. How can I do that..?

Note :

I can not install reporting service in my Web server system.

There should be a way to put the report from the reporting server to the web server and display in the webpage to the public.

This is really an urgent requirement.

Are you using RS2005? If so, you can embed the report viewer control into your ASP.Net application.|||

I'm using 2003, Is there any way to do this. My problem is I have to show a report to a website which is running in diffrent system in the same network.

the user will be provided by a hyperlink in the asp.net webpage by clicking the link the user should see the report.

Thanks

Mohan

|||

It is tricky in 2003 without the viewer control.

Your user's won't be authenticated against your RS backend, so you will have to get the contents of the report from within your ASP.Net application. You will want to use the HTMLFragment deviceinfo setting. The trickier part is resolving the secondary streams (like images and charts). You will have to use the StreamRoot deviceinfo to redirect image requests back to your ASP.Net application, so you can make them on behalf of your users.