Registry Extended Stored Procedures - Audit

  • Question

  • Does MS have any set guidelines on revoking execute permissions on extended stored procedures for the "SA" user?

    The reason I am asking this question is a security audit finding that stated a High Security Risk for the SA user's permission to execute Registry Extended Stored Procedures.


    This is for SQL Server 2008 R2.
    • Edited by bran kess Thursday, February 21, 2013 4:13 PM
    Thursday, February 21, 2013 4:08 PM

Answers

  • SA is a default SQL Server sysadmin account. I will not suggest, and it's also not recommended, to reduce access rights of SA.

    Instead of that,

    • You should configure your application to use a different user.
    • Other application users & DBAs should use their user IDs with their respective rights
    • SA account is only for DBA, should be used in case of issues
    • If you do not want to use SA & other SQL logins, then switch your SQL Server to Windows authentication, the most secure setting in SQL Server

    Regards,
    Rohit Garg
    (My Blog)
    This posting is provided with no warranties and confers no rights.
    Please remember to click Mark as Answer and Vote as Helpful on posts that help you. This can be beneficial to other community members reading the thread.


    • Edited by RohitGarg Thursday, February 21, 2013 7:11 PM
    • Proposed as answer by Maggie Luo Friday, February 22, 2013 5:12 AM
    • Unproposed as answer by bran kess Friday, February 22, 2013 2:15 PM
    • Marked as answer by bran kess Friday, February 22, 2013 2:15 PM
    Thursday, February 21, 2013 7:11 PM
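
A read-only T-SQL audit for the situation discussed in this thread, added here as an example and not part of the original posts. It lists who holds explicit permissions on the registry extended stored procedures, the state of the sa login, the members of sysadmin, and the authentication mode. The `xp_reg%` and `xp_instance_reg%` name patterns are an assumption about which procedures the audit finding covers.

```sql
-- Added example (not from the thread): read-only audit queries, run in master.
USE master;

-- 1. Explicit permissions on the registry extended stored procedures.
--    Members of sysadmin (including sa) bypass permission checks, so they
--    do not depend on these rows; the output shows which other principals
--    (for example public) can execute the procedures.
SELECT  o.name        AS procedure_name,
        pr.name       AS grantee,
        pr.type_desc  AS grantee_type,
        p.permission_name,
        p.state_desc  -- e.g. GRANT or DENY
FROM    sys.database_permissions AS p
JOIN    sys.all_objects          AS o  ON o.object_id = p.major_id
JOIN    sys.database_principals  AS pr ON pr.principal_id = p.grantee_principal_id
WHERE   p.class = 1                     -- object-level permissions
  AND   o.type  = 'X'                   -- extended stored procedure
  AND  (o.name LIKE 'xp[_]reg%' OR o.name LIKE 'xp[_]instance[_]reg%')
ORDER BY o.name, pr.name;

-- 2. State of the built-in sa login (SID 0x01, even if it was renamed).
SELECT  name, is_disabled, is_policy_checked, is_expiration_checked
FROM    sys.sql_logins
WHERE   sid = 0x01;

-- 3. Every login that holds sysadmin, i.e. the same rights as sa.
SELECT  m.name AS login_name, m.type_desc, m.is_disabled
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE   r.name = 'sysadmin'
ORDER BY m.name;

-- 4. Authentication mode: 1 = Windows authentication only, 0 = mixed mode.
SELECT  SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;
```

The output of queries 2 to 4 is what an auditor can check against the advice above: applications on their own logins, sa reserved for the DBA, and Windows authentication where SQL logins are not needed.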