Re: Retrieve / list members of Sysadmin role without connecting to the SQL-server (API? Please help!)
From: Jacco Schalkwijk (NOSPAMjaccos_at_eurostop.co.uk)
Date: 03/25/04
- Next message: David Portas: "Re: removing spaces from string"
- Previous message: Jaco Bregman: "Re: removing spaces from string"
- In reply to: Tim Gorgs: "Re: Retrieve / list members of Sysadmin role without connecting to the SQL-server (API? Please help!)"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 25 Mar 2004 09:11:16 -0000
The Windows local administrators group is a member of the sysadmin SQL
Server role by default, so MBSA will have enough permissions to detect and
change all security settings on SQL Server. You can get the information
about the members of the server roles with EXEC sp_helpsrvrolemember,
regardless of the permissions of your login, but you still need to login
first.
-- Jacco Schalkwijk SQL Server MVP "Tim Gorgs" <google@supertimmy.com> wrote in message news:afa954a3.0403250017.5a74bdca@posting.google.com... > Well, I'm not too sure about that as I'm able to retrieve Windows > account-information from a system through an anonymous account which > is enabled by default... So it seems to be able that there is some > kind of equal mechanism to retrieve role members from SQL-server as > well... > > My question points to the direction of what the MBSA (Microsoft > Baseline Security Analyzer) does, to retrieve exactly such information > as members of certain roles etc., and this piece of software won't be > supplied with login-information for SQL-servers from the user, so > there must be a standard-way to be able to retrieve this information > (but keeping in mind that the MBSA runs with local admin rights on > every scanned system). > > I've posted my question here as in the mbsa newsgroup you usually only > get the answer that such questions won't be supported / answered which > isn't really helpfull... > > Thanks anyway, > > Tim > > Information about security permissions in SQL Server is stored inside system > > tables, so you have to log on to SQL Server to be able to retrieve them. > > Don't you think it would be a big hole in the security of a system if you > > would be able to retrieve security information about that system without > > authenticating yourself with that system first, which it what it seems you > > would like to do? > > > > -- > > Jacco Schalkwijk > > SQL Server MVP > > > > > > "Tim Gorgs" <google@supertimmy.com> wrote in message > > news:afa954a3.0403232347.7ba58611@posting.google.com... > > > Hi all, is there a way to retrieve the members of the Sysadmin (or any > > > other) role via a certain API-call? > > > > > > Or is my only chance to connect to the SQL server? If so, how can I > > > connect without any information about users / passwords that are > > > allowed to connect to the server? Is there something like an always > > > open "query account"? > > > > > > My problem is that I have to retrieve the members of the mentioned > > > role preferably without connecting to the server. > > > > > > Any help is very welcome, thanks in advance > > > > > > Tim
- Next message: David Portas: "Re: removing spaces from string"
- Previous message: Jaco Bregman: "Re: removing spaces from string"
- In reply to: Tim Gorgs: "Re: Retrieve / list members of Sysadmin role without connecting to the SQL-server (API? Please help!)"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
