What is Builtin\Administrators?

SQL Server creates a default NT group login called Builtin\Administrators during installation. This login provides the following:

  • Default sysadmin privileges for all local NT administrators on the server
  • Automatic access to system tables
  • Automatic access to user tables

How is security compromised?

SQL Server security is compromised as follows:

  • Local administrators receive sysadmin rights by default, so the server is open to changes by any of them
  • System and user database objects can be tampered with, changed or deleted
  • There is a high chance of objects or critical data being deleted unknowingly
  • There are no restrictions on these users, as they are sysadmins by default
  • Business data can be compromised
  • Auditing is very difficult, as tracing these logins is a performance hit on the server
  • Any attacker who obtains local administrator rights can gain access to SQL Server
  • Microsoft article – http://support.microsoft.com/kb/263712

How to secure SQL Server from this login?

SQL Server can be secured from this login with the following simple steps:

  • Explicitly adding to SQL Server any local administrator logins that need access, using their SSO ID
  • Restricting these users' privileges to the appropriate access rights
  • Deleting the default Builtin\Administrators login, thereby preventing any local NT administrator access to SQL Server
  • Microsoft article – http://support.microsoft.com/kb/263712

How secure is SQL Server without this login?

SQL Server is quite secure without this default login:

  • Only authorized logins are given access to SQL Server
  • No logins are created other than authorized ones
  • System administrator privilege is granted only to the ‘SA’ SQL system administrator login and any other authorized personnel
  • Auditing is effective
  • The server is protected from attacks by unwanted users/hackers

How to remove this login?

The Builtin\Administrators NT group login can be removed as follows:

Impact Analysis

  • Analyze the logins that belong to this group and are used by any of the services being created
  • If any appropriate login is found, add that login to SQL Server with NT authentication

Deleting the Builtin\Administrators Login

Phase I – Immediately remove the login from the Development server after the above analysis

Phase II – Immediately remove the login from the Stage server after the above analysis and the results from the Development server

Phase III – Immediately remove the login from the Production server after the above analysis and the results from the Development and Stage servers
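
The impact analysis and removal steps above, as an added T-SQL example (not from the original post). It assumes SQL Server 2005 or later; `CONTOSO\dba_alice` is a hypothetical account name standing in for whichever login the analysis finds must keep access.

```sql
-- Added example; assumes SQL Server 2005 or later.
-- CONTOSO\dba_alice is a hypothetical placeholder account.

-- 1. Impact analysis: list the Windows accounts that currently reach
--    SQL Server through the group login.
EXEC master.dbo.xp_logininfo
     @acctname = N'BUILTIN\Administrators',
     @option   = N'members';

-- 2. Show which server roles the group login itself holds.
SELECT p.name AS login_name, r.name AS server_role
FROM sys.server_principals AS p
JOIN sys.server_role_members AS m ON m.member_principal_id = p.principal_id
JOIN sys.server_principals   AS r ON r.principal_id = m.role_principal_id
WHERE p.name = N'BUILTIN\Administrators';

-- 3. Add each account that legitimately needs access as its own
--    Windows (NT authentication) login.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'CONTOSO\dba_alice')
    CREATE LOGIN [CONTOSO\dba_alice] FROM WINDOWS;

-- Grant only the role the account actually needs; sysadmin is shown
-- here for a designated DBA account.
EXEC sp_addsrvrolemember @loginame = N'CONTOSO\dba_alice',
                         @rolename = N'sysadmin';

-- 4. Drop the group login only if another enabled sysadmin login
--    remains, so the instance cannot be left without an administrator.
IF EXISTS (
    SELECT 1
    FROM sys.server_role_members AS m
    JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
    JOIN sys.server_principals AS p ON p.principal_id = m.member_principal_id
    WHERE r.name = N'sysadmin'
      AND p.name <> N'BUILTIN\Administrators'
      AND p.is_disabled = 0
      AND p.type IN ('S', 'U', 'G')   -- SQL login, Windows login, Windows group
)
    DROP LOGIN [BUILTIN\Administrators];
ELSE
    RAISERROR('No other enabled sysadmin login; BUILTIN\Administrators was not dropped.', 16, 1);
```

Run steps 1 and 2 on each server (Development, Stage, Production) and record the output before making changes, so the accounts used by services are known before the login is dropped.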
