Run Microsoft SQL Server 2000 under a non-administrator account
Posted by Jay Sudowski (Import) on 26 September 2006 03:39 PM
We have seen a rise in the number of compromised hosts running SQL Server. We attribute this increase to poor customer code that allows SQL injection. Some SQL injection techniques make use of Microsoft SQL Server extended stored procedures to execute arbitrary operating-system commands. If your SQL Server services run under LocalSystem, your system can be compromised very easily, because the LocalSystem account has full access to the server. Follow the steps below to configure SQL Server to run under a non-administrator account.



  1. Login to the server using Remote Desktop
  2. In Computer Management, create an account called SQLService. The password should be 12 chars minimum using upper case, lower case, numeric and special characters. Note the password used as it is required in later steps.
  3. Give the SQLService account read permissions on C: so that SQL Server can start. You will also need to grant the same permission on any other drives that hold SQL Server data.

    • cacls c:\ /E /C /G "SQLService":R
    • Note: This permission will be inherited by any new folders created in the root of the drive, but not by existing folders. Be careful here, because it can lead to an information disclosure vulnerability if the SQLService account gains additional, unnecessary permissions on folders in the root of the drive.

  4. Give the SQLService account full permissions on c:\backup\mssql so that backups can occur:
    • cacls c:\backup\mssql /T /E /C /G "SQLService":F

  5. Open Enterprise Manager
    1. Right click on the server, go to properties.
    2. Select the Security tab. Change "Start and run SQL Server in the following account" to:
      • This account: .\SQLService
      • Password: Password entered in step 2.

    3. Click OK. You will be prompted with a dialog box indicating the following:
      • Changing SQL Server start up account information might force server to be stopped and restarted. Click OK to continue or click CANCEL to cancel the operation.
      • Click OK to proceed. This operation can take several minutes to complete because it makes many changes on the server (NTFS permissions, local security policy settings, SQL Server settings, etc.). Do not be alarmed.

    4. Once this completes, expand Management -> SQL Server Agent. Right click and go to properties.
    5. Set the service startup account to the SQLService account.
      • This Account: .\SQLService
      • Password: Password entered in step 2.

    6. If the server is part of an Active Directory domain, it is necessary to audit any existing SQL Server jobs and change any that are owned by a domain account to be owned by the SQLService account. This is required because SQLService, being a local account, has no rights in the Active Directory domain.

  6. Restart MSSQLSERVER and SQLSERVERAGENT services.
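The command-line parts of the procedure above (steps 2, 3, 4 and 6) can be scripted. The batch file below is an added example, not part of the original article; it assumes the default instance, data on C: only and backups under c:\backup\mssql, exactly as the article does. Step 5 is deliberately left to Enterprise Manager, because that dialog also applies the NTFS, local security policy and registry changes the article mentions, which `sc config` alone would not do.

```batch
@echo off
rem Added example, not from the original article: scripts steps 2-4 and 6.
rem Assumptions: default instance, data on C: only, backups in c:\backup\mssql.
rem Run from an administrative command prompt on the server.
setlocal
set SVCUSER=SQLService

rem Prompt for the password instead of hard-coding it in the script.
rem (Note that set /p echoes what is typed; run this at the console only.)
set /p SVCPASS=Enter the password for %SVCUSER% (12+ chars, mixed case, digits, symbols): 

rem Step 2: create the local account. The account itself never expires
rem (so the service does not stop unexpectedly) and it cannot change its own password.
net user %SVCUSER% "%SVCPASS%" /add /comment:"SQL Server service account" /passwordchg:no /expires:never
if errorlevel 1 goto :fail

rem A service account must not be a local administrator; remove it defensively
rem if it was ever added. New accounts land in Users only, so this is normally a no-op.
net localgroup Administrators %SVCUSER% /delete >nul 2>&1

rem Step 3: read access on the root of every drive that hosts SQL Server files.
rem Add further drive letters to the list if data or log files live elsewhere.
for %%D in (C:) do (
    cacls %%D\ /E /C /G "%SVCUSER%":R
)

rem Step 4: full control on the backup folder and everything beneath it.
if not exist c:\backup\mssql mkdir c:\backup\mssql
cacls c:\backup\mssql /T /E /C /G "%SVCUSER%":F

echo.
echo Account and permissions are in place. Now complete step 5 in Enterprise Manager,
echo then restart the services (step 6):
echo     net stop SQLSERVERAGENT ^& net stop MSSQLSERVER
echo     net start MSSQLSERVER ^& net start SQLSERVERAGENT
endlocal
goto :eof

:fail
echo Could not create the %SVCUSER% account; no permissions were changed.
endlocal
exit /b 1
```

The restart is printed rather than executed so that the script cannot bounce a production instance before the account change in Enterprise Manager has been made; run the two `net` lines by hand once step 5 is done.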

Troubleshooting startup issues


  1. Check your event log for errors.
  2. Check the relevant SQL Server logs in the LOGS directory under your SQL Server installation: ERRORLOG for MSSQLSERVER issues and SQLAGENT for SQL Server Agent issues.
  3. Use Filemon to see whether any DENIED events occur while the services start up.
  4. Refer to http://support.microsoft.com/default.aspx?scid=kb;en-us;Q283811 and make sure all of the necessary permissions and settings are in place.
  5. Worst case scenario, revert the services to LocalSystem by editing the service logon properties directly in the Services MMC snap-in.
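Before reaching for the event log and Filemon it is worth confirming that the server is actually in the state the procedure expects. The batch file below is an added example, not part of the original article; it checks the service logon accounts, that SQLService is not a local administrator, and that the NTFS entries from steps 3 and 4 are present. It assumes the default instance and the paths used in the article, and that `sc.exe` is available (built in on Windows XP/2003, from the Resource Kit on Windows 2000).

```batch
@echo off
rem Added example, not from the original article: sanity checks for the
rem non-administrator SQL Server configuration. Assumes the default instance,
rem data on C: and backups in c:\backup\mssql, as in the article.
setlocal
set SVCUSER=SQLService
set RC=0

echo == Service logon accounts (expect .\%SVCUSER% for both, not LocalSystem) ==
for %%S in (MSSQLSERVER SQLSERVERAGENT) do (
    sc qc %%S | findstr /i "SERVICE_START_NAME"
)
rem Fail the check if either service is still not running as the local SQLService account.
sc qc MSSQLSERVER | findstr /l /i /c:".\%SVCUSER%" >nul || (echo PROBLEM: MSSQLSERVER does not log on as .\%SVCUSER% & set RC=1)
sc qc SQLSERVERAGENT | findstr /l /i /c:".\%SVCUSER%" >nul || (echo PROBLEM: SQLSERVERAGENT does not log on as .\%SVCUSER% & set RC=1)

echo == Local group membership (expect %SVCUSER% NOT to be listed) ==
net localgroup Administrators | findstr /i "%SVCUSER%" >nul && (echo PROBLEM: %SVCUSER% is a local administrator & set RC=1)

echo == NTFS entries for %SVCUSER% (step 3: drive root, step 4: backup folder) ==
cacls c:\ | findstr /i "%SVCUSER%" || (echo PROBLEM: no ACL entry for %SVCUSER% on c:\ & set RC=1)
cacls c:\backup\mssql | findstr /i "%SVCUSER%" || (echo PROBLEM: no ACL entry for %SVCUSER% on c:\backup\mssql & set RC=1)

echo == Service state ==
sc query MSSQLSERVER | findstr /i "STATE"
sc query SQLSERVERAGENT | findstr /i "STATE"

if %RC%==0 (echo All checks passed.) else (echo One or more checks failed; see PROBLEM lines above.)
endlocal & exit /b %RC%
```

A non-zero exit code points you at a configuration problem that is cheaper to fix than to trace through Filemon; if every check passes and the service still fails to start, continue with the event log and the SQL Server error log as listed above.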