Re: SBS 2008 allows admininstrator login via RWW?
- From: Ryan <mindflux98@xxxxxxxxxxxxxxxxxxxxx>
- Date: Sat, 17 Oct 2009 08:41:14 -0500
As postedin response to Russ, I think the Administrator account came
from my SBS 2003 migration.
I can disable it once I take the SBS 2003 server offline I suppose.
Originally I had tried to install RedGate SQL Backup using the NT
AUTHORITY\Network Service account but it could not create the backups
for whatever reason. AFAIK It was their suggestion to re-run the
installer and specify an administrator account to get that to work.
I don't think that SQL 2008 is set to run the service as administrator,
I think it just allows the domain\administrator account to add other
users/modify tables and such.
Since I'm obviously going to need to change how SQL and RedGate behave,
do you have any documents you might be able to point me to on how to add
another domain user (such as a Network Admin) to the SQL Permissions
table so that I can still manage my databases?
In article <ONvk2vuTKHA.4704@xxxxxxxxxxxxxxxxxxxx>,
"Charlie Russel - MVP" <Charlie@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
By default, SBS 2008 doesn't even have an administrator account, it's.
disabled. I'm not sure what you did to change that, but it probably wasn't a
great idea.
All administrative level accounts have RWW login privileges. That's by
design and not configurable that I'm aware of. SQL and other services
shouldn't be using the domain administrator account for a service account -
it creates all sorts of issues down the road, including the inability to
change the account password without hosing services.
If you want greater control over who has access to RWW, you can add a third
party tool such as RWWGuard from ScorpionSoft. (www.scorpionsoft.com). When
combined with AuthAnvil or another two factor authentication product it will
give you greater control (and security) on your RWW login.
--
Charlie.
http:/msmvps.com/blogs/xperts64
"Ryan" <mindflux98@xxxxxxxxxxxxxxxxxxxxx> wrote in message
news:mindflux98-1A7316.22105716102009@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
I was out today and decided to test my new RWW install with SBS 2008. I
could log in as my local domain username (which is an administrator),
but I could also log in as DOMAIN\Administrator.
Aside from completely disabling the account, is there a way to simply
remove RWW rights from the primary Administrator account? I tried to
change it in the SBS Console but that option is locked so I cannot
change it.
I've got some services on the Server 2008 (second instance) that use
that Administrator account (such as SQL Server 2008 and RedGate SQL
Backup) so I do not believe I can just rename the administrator account
without having to fiddle with those products (and possibly more that I
am not thinking of)?
So, my current options seem to be to make a really complex password to
prevent anyone from actually using it (other than myself) or... disable
the account (which is not favorable).
I tried to google for something regarding disabling RWW for
"Administrator", but came up empty handed so here I am asking for
assistance once again.
Thank you for your utmost patience.
-Ryan
- References:
- SBS 2008 allows admininstrator login via RWW?
- From: Ryan
- Re: SBS 2008 allows admininstrator login via RWW?
- From: Charlie Russel - MVP
- SBS 2008 allows admininstrator login via RWW?
- Prev by Date: Re: SBS2003 | Windows Server 2008 - Exchange 2007
- Next by Date: OT - Re: SBS2003 | Windows Server 2008 - Exchange 2007
- Previous by thread: Re: SBS 2008 allows admininstrator login via RWW?
- Index(es):
Relevant Pages
|
