Change privilege levels for SQL Server 2000 services

SQL Server 2000's two key programs -- the actual SQL Server and the SQL Server Agent -- typically run as services in the Local System user context. When SQL Server users access operating system features, usually through SQL Server's SA login, that access is performed in the context of the account under which the server process runs.

This may sound trivial, but if a security breach occurs, someone could execute arbitrary SQL Server code in an administrative context and terrible things could happen. For instance, the xp_cmdshell stored procedure can be used to run command-line commands in SQL Server's user context, which could allow an attacker to do anything from siphoning out data to deleting files.

To lock down that security hole, Microsoft recommends changing the user context that SQL Server runs in; typically you should create a domain user account with regular user privileges and run the SQL Server engine (MSSQLSERVER) in that context. To do this, create the user account, open SQL Server Enterprise Manager, right-click the SQL Server instance in question, select Properties | Security, and under "Startup service account," select "This account" and then supply the new user account name and password. You have to restart SQL Server for this change to take effect.

Note: When you make this change for SQL Server, you are also changing the context for the SQL Server Agent account. You may not want to do this if the Agent needs to do any of the following:

  1. Connect to SQL Server via standard authentication (not recommended in the first place)
  2. Run ActiveX/CmdExec jobs owned by users who are not members of the sysadmin fixed server role (unlikely, but possible)
  3. Use a multi-server administration master server account that again connects using standard authentication (also unlikely and not a recommended configuration)

For the most part, you should be able to run the Agent in a regular user context without problems. Test your SQL Server setup with limited privileges during off hours if possible and be wary of any unexpected consequences that might come from running in a regular-user context.
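
To confirm which account each SQL Server service runs under after the change, the following added example (not part of the original tip) parses the output of `sc qc <service>` and lists SQL Server services still running as Local System. The sample output is constructed, and the service names `SQLSERVERAGENT` and `MSSQL$REPORTS` and the account `CORP\svc_sql` are assumptions for illustration.

```python
import re

# Names under which `sc qc` may report the Local System context (compared lowercased).
SYSTEM_ACCOUNTS = {"localsystem", "nt authority\\system"}
# Default-instance and named-instance engine/Agent service names (assumed naming).
SQL_SERVICE = re.compile(r"^(MSSQLSERVER|SQLSERVERAGENT|MSSQL\$.+|SQLAgent\$.+)$", re.I)

# Constructed sample: `sc qc` output for four services, concatenated.
SAMPLE = r"""
SERVICE_NAME: MSSQLSERVER
        TYPE               : 10  WIN32_OWN_PROCESS
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: SQLSERVERAGENT
        TYPE               : 10  WIN32_OWN_PROCESS
        SERVICE_START_NAME : LocalSystem

SERVICE_NAME: MSSQL$REPORTS
        SERVICE_START_NAME : CORP\svc_sql

SERVICE_NAME: Spooler
        SERVICE_START_NAME : LocalSystem
"""

def parse_sc_qc(text):
    """Return {service_name: start_account} from concatenated `sc qc` output."""
    accounts, current = {}, None
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split at the first colon only
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if key == "SERVICE_NAME":
            current = value
        elif key == "SERVICE_START_NAME" and current:
            accounts[current] = value
    return accounts

def audit(text):
    """List (service, account) for SQL Server services running as Local System."""
    return [(svc, acct) for svc, acct in parse_sc_qc(text).items()
            if SQL_SERVICE.match(svc) and acct.lower() in SYSTEM_ACCOUNTS]

if __name__ == "__main__":
    for svc, acct in audit(SAMPLE):
        print(f"{svc}: runs as {acct}; move it to a regular domain user account")
```

Non-SQL services such as the Spooler entry are ignored, so the result covers only the services this tip is about.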

About the author: Serdar Yegulalp is the editor of the Windows 2000 Power Users Newsletter. Check out his Windows 2000 blog for his latest advice and musings on the world of Windows network administrators – please share your thoughts as well!


This was first published in September 2005
