How can I "lock down" a database? That is, the database has very sensitive information. But anyone who is an admin on the server can potentially add a login and map that login to the database.
Do you think Database Encryption would work? It would take more administration and more system resources, but perhaps would work. If you use transparent encryption, it would not work, but perahaps other kinds in SQL 2005 / 2008? I haven't worked with encryption yet, so I'm not sure; I've only heard about it, and am thinking it may be an option. Otherwise, J.Kusch is right, you'd need to restriction the access to the physical box.
If the only admins you're worried about are those who have access to the actual server, then how about removing the built-in administrator account on SQL Server and requiring SQL authentication? You'd have to make sure it wouldn't break anything but it could help. Just a thought.
Ya know, I was just thinking...this is silly. If they're admin's on the box, they should be trustworthy. If they're not trustworthy, they shouldn't be admin's. Am I thinking about this wrong here?
Ovatvvon,
No you aren't thinking that wrong. Admins should be trustworthy. If you have admins which aren't get rid of them.
Fuzzy,
Why would you use SQL Authentication after removing the buildin\Administrators group from the server? SQL Authentication is much less secure than using Windows Auth as OLE passes the username and password in plain text when it's logging in when using SQL Auth.
Not to mention most people will not share their domain login with other employees, but they have no problem sharing other system passwords.
takaoki,
Setup Windows logins into the SQL Server for anyone who needs sysadmin rights (A domain group is the easiest way to do this and make sure that you don't loose access to the server). Once you have done this and made the group a sysadmin in the SQL Instance, remove the BUILTIN\Administrators group from having sysadmin rights.
If you are worries about your DBAs seeing your data, there isn't anything you can do about that.
Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)
Is it safe to remove BUILTIN\Administrators? I seem to recall reading an article somewhere that listed a bunch of caveats related to this. I'd have to dig it up.
If you use full text indexing you need to add the NT AUTHORITY\Local System account into the server with sysadmin rights as this is the account which the full text indexing service runs under, and SQL 2000 and older do not support running this service under an account other than the local system.
If you have a cluster make sure that the account which monitors the cluster is setup in the server so that it can connect or your instance will start bouncing between the nodes.
Make sure that your account is setup as a sysadmin before going this otherwise you'll lock your self out of the instance.
Those are pretty much the big gotchas.
Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)
This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.