Re: User account to run WSUS under

A local admin on the SBS machine has a lot less privileges that a domain
admin in the SBS domain.

With WSUS 2.0, we couldn't specify the SQL Server instance it could use, and
that's not good design.

Since I have SBS 2003 Premium, I should be able to open port 80. But I
can't, since this is not a very secure product.

There are a lot of "experts" like Russ Grover on these forums, with not a
lot of expertise, but have become complacent for some unknown reasons. I just
wanted to keep them on their toes. I don't have the time to read a lot of
documentation, so these forums are the only place where I can get help. And
there are a lot ot people on these forums that don't have the time for
documentation either.



"Cris Hanna [SBS - MVP]" wrote:

I suppose you could log on as the local admin account, I'm not sure what
that gives you, since the domain admin is also a member of the local admin's
group...still a highly priviledged user account and group membership...

<I guess we should feel privileged at this time that we can at least specify
the SQL Server instance it goes against.>
And comments like these are not likely to win you any brownie points.

Strong passwords, a good firewall, and making sure that only the required
ports (port 80 is not required) are allowed in to your network and this
really shouldn't be an issue.
--
Cris Hanna [SBS - MVP]
Co-Author, Windows Small Business Server 2008 Unleashed
http://www.amazon.com/Windows-Small-Business-Server-Unleashed/dp/0672329573/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1217269967&sr=8-1

------------------------------------
MVPs do not work for Microsoft
Please do not submit questions directly to me.

"SPEnthusiast" <SPEnthusiast@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8E1678EF-8305-409F-A351-06F8874CC57C@xxxxxxxxxxxxxxxx
I logged onto my SBS machine as a domain admin and installed WSUS 3.0.
Everything works, but there's just this one problem - WSUS services, and
the
way it accesses my SQL Server instance are done using my domain admin
credentials. I would like to restrict WSUS so that it uses less privileged
credentials.

Can I install WSUS 3.0 by logging onto my SBS machine as a local admin?

And why couldn't Microsoft let us specify a less privileged domain user
account while installing WSUS 3.0? I guess we should feel privileged at
this
time that we can at least specify the SQL Server instance it goes against.

Thanks.



.

Relevant Pages

  • RE: Executing app with admin privileges
    ... just a particular application with admin credentials while the rest run ... Use any one of the "elevate my privileges during this software run ... Norwich University ... EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has ...
    (Security-Basics)
  • Re: Mac OS X Security - Not Quite as Strong as you Thought
    ... to secure the admin account. ... OS X actually makes some actual changes to the privileges. ... But the difference this makes is trivial; admin accounts ... It can be configured to demand a 'secure attention key', ...
    (comp.sys.mac.advocacy)
  • Re: privileged IDs and non-privileged IDs
    ... >security, and thus, wants us to differentiate IDs or usernames for admin ... I'd say that the convention is to use 'sudo', ... account to the account with just the needed privileges, ... Also, how to audit ...
    (comp.security.unix)
  • Re: How good is Comodo Internet Security?
    ... Since the token has the limitation of a standard user ... account, ... the child process under limited privileges, ... do out admin task within our LUA enviroment? ...
    (comp.security.firewalls)
  • Q: low permission cannot convert from A97 to A2000/2003
    ... A97, but the database is sent out and used by contractors (user permissions) ... Privileges are not being used for security reasons, ... The admin user has full privileges. ...
    (microsoft.public.access.conversion)