Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [ms-sql 2000] linked-servers and low privilege service account.

from [Scott Ramsdell] Network Security [Permanent Link]
Subject: RE: [ms-sql 2000] linked-servers and low privilege service account.
Date: Wed, 25 Apr 2007 11:11:43 -0400 
Hamid,

When you used ODBC, did you happen to configure it as a User DSN?

If you set it up as a System DSN, it should be available to all users,
at least in my experience.

Hopefully a SQL guru is on list.

Kind Regards,
 
Scott Ramsdell
CISSP, CCNA, MCSE
Security Network Engineer

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of elite_netbios@yahoo.com
Sent: Tuesday, April 24, 2007 2:21 AM
To: security-basics@securityfocus.com
Subject: [ms-sql 2000] linked-servers and low privilege service account.

Hi,
While hardening ms-sql 2000 for a DMZ installation, I faced
with a problem, stopping me at serious point.

While using a normal user account for running SqlService , seems it's
not
possible to use defined linked servers (linking to Oracle in this case )
because
of limited privileges. After few try and errors I noticed that only
members of "Local Administrators"
are allowed to use defined linked servers , meaning 'SqlService' account
should be
SYSTEM or a member of admin group , which is not a good idea.
currently I'm using 'OLE provider for Oracle' . I tried ODBC link but
seems this solution requires
user to be privileged too.

How can I permit my defined low-privileged user account to work properly
in such scenario ?

regards
Hamid
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Identifying Intrusions?, Lord Bane
Next by Date:  Re: Patch Management, modversion
Previous by Thread:  [ms-sql 2000] linked-servers and low privilege service account., elite_netbios
Next by Thread:  Enterprise Log Management Systems, Tornado
Indexes:  [Date] [Thread] [Top] [All Lists]