none
Revoke permission on registry extended proc

    Question

  • We are using a third party tool to find out all the vulnerabilities.

    It is showing high risk vulnarability in out SQL 2005 Cluster prod server.

    Description: Permission to execute the registry extended stored procedures have been granted to a user or group.

    workaround: USE master
    GO
    REVOKE EXECUTE ON [xp_regread] FROM public
    GO


    USE master
    GO
    REVOKE EXECUTE ON [xp_instance_regread] FROM public
    GO

    My quesion is- If we remove public permissions, is there any serious problems occurs at sql server end/application
    Wednesday, August 11, 2010 3:24 AM

Answers

  • Yes you can revoke / deny those permissions for public server roles as long as you don’t have any application feature that uses this extended proc under public role access.


    Thanks, Leks
    Wednesday, August 11, 2010 3:39 AM

All replies

  • Yes you can revoke / deny those permissions for public server roles as long as you don’t have any application feature that uses this extended proc under public role access.


    Thanks, Leks
    Wednesday, August 11, 2010 3:39 AM
  • We are using a third party tool to find out all the vulnerabilities.

    It is showing high risk vulnarability in out SQL 2005 Cluster prod server.

    Description: Permission to execute the registry extended stored procedures have been granted to a user or group.

    workaround: USE master
    GO
    REVOKE EXECUTE ON [xp_regread] FROM public
    GO


    USE master
    GO
    REVOKE EXECUTE ON [xp_instance_regread] FROM public
    GO

    My quesion is- If we remove public permissions, is there any serious problems occurs at sql server end/application

    you can give grant permission to loginuse which you are using in application if need.
    Paresh Prajapati
    http://paresh-sqldba.blogspot.com/
    LinkedIn | Tweet Me | FaceBook | Brijj
    Wednesday, August 11, 2010 11:46 AM