Using SS2000. I'm trying to improve the security of our SQLServers. I have a server that has only 3 users. The BUILTIN, sa and a user called "dar".
The BUILTIN is the dbo for every database. If I try to remove the dbo from a database I get - "Cannot use the reserved user or role name 'dbo'." If I try to remove database access I get - "The database owner cannot be dropped."
How do I get rid of it?
I understand that I'll have to change the user that SQLServer Agent and Full Text Indexing use to log on. Does Full Text Indexing show up as Microsoft Search in Services?
Thanks,
--
Dan D.|||look at sp_changedbowner to change the owner to sa. As you noted, make sure
that the service accounts for mssqlserver, sqlserveragent can log in.
Full-text always runs as localsystem so make sure [nt authority\system] is a
valid login and sysadmin.
--
Richard Waymire, MCSE, MCDBA
This posting is provided "AS IS" with no warranties, and confers no rights.
|||no, fulltext is required to be localsystem unfortunately. And yes, that's
the right service.
--
Richard Waymire, MCSE, MCDBA
This posting is provided "AS IS" with no warranties, and confers no rights.
"Dan D." <DanD@.discussions.microsoft.com> wrote in message
news:1CC74058-7E57-4C84-9163-3FDAB27EA214@.microsoft.com...
> I was thinking of creating a login called "SQLServer" with administrator
> privileges and using it for mssqlserver, sqlserveragent and full text. Will
> this work for full text? And is the full text service actually called
> "Microsoft Search"?
> Thanks,
> --
> Dan D.
|||So, if I remove the BUILTIN\administrator login you're saying I have to add a login for NT Authority\system. Is that correct? We're running Windows 2000/2003 on our servers. I don't see an NT Authority login. Is there another name for it?
Thanks,
--
Dan D.
|||no, that's the right name - are you getting an error when you add it? and
yes, that's what I'm saying you must do if you want to use full-text
search...
--
Richard Waymire, MCSE, MCDBA
This posting is provided "AS IS" with no warranties, and confers no rights.
|||You won't see it but you should be able to add it using QA e.g.
exec sp_grantlogin [NT Authority\System]
--
HTH
Jasper Smith (SQL Server MVP)
http://www.sqldbatips.com
I support PASS - the definitive, global
community for SQL Server professionals -
http://www.sqlpass.org
|||I used what Jasper suggested and I now have an NT Authority\system login.
So do I leave the Microsoft Search service set to use "localsystem"? And after I remove the "BUILTIN\administrator" login, the service will use the NT Authority\system login?
Thanks,
--
Dan D.
|||correct.
--
Richard Waymire, MCSE, MCDBA
This posting is provided "AS IS" with no warranties, and confers no rights.
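Added example, not part of any post in this thread: the steps discussed above collected into one SQL Server 2000 script, ordered so the replacement logins exist before the BUILTIN group login is removed. It assumes the group login is named BUILTIN\Administrators, that the instance uses a case-insensitive collation, and that DOMAIN\sqlsvc (a placeholder) is the Windows account running the MSSQLSERVER and SQLSERVERAGENT services and already has a login with sysadmin.

```sql
-- Added example (SQL Server 2000, run in Query Analyzer as a sysadmin).
-- 'DOMAIN\sqlsvc' is a placeholder for the Windows account that runs the
-- MSSQLSERVER and SQLSERVERAGENT services; replace it with the real one.
DECLARE @svc sysname, @db sysname, @sql nvarchar(600)
SET @svc = N'DOMAIN\sqlsvc'

-- 1. Microsoft Search runs as LocalSystem: give it a login and sysadmin
--    while BUILTIN\Administrators still exists.
EXEC sp_grantlogin N'NT AUTHORITY\SYSTEM'
EXEC sp_addsrvrolemember N'NT AUTHORITY\SYSTEM', N'sysadmin'

-- 2. Hand every user database that sa does not already own to sa.
--    master, model and tempdb are skipped: sp_changedbowner rejects them.
--    Offline or read-only databases are skipped because the change would fail.
DECLARE dbs CURSOR LOCAL FAST_FORWARD FOR
    SELECT name FROM master.dbo.sysdatabases
    WHERE name NOT IN (N'master', N'model', N'tempdb')
      AND ISNULL(SUSER_SNAME(sid), N'') <> N'sa'
      AND DATABASEPROPERTYEX(name, 'Status') = 'ONLINE'
      AND DATABASEPROPERTYEX(name, 'Updateability') = 'READ_WRITE'
OPEN dbs
FETCH NEXT FROM dbs INTO @db
WHILE @@FETCH_STATUS = 0
BEGIN
    -- sp_changedbowner acts on the current database, hence the USE.
    SET @sql = N'USE ' + QUOTENAME(@db) + N' EXEC sp_changedbowner ''sa'''
    EXEC (@sql)
    FETCH NEXT FROM dbs INTO @db
END
CLOSE dbs
DEALLOCATE dbs

-- 3. Review the result: any row not showing sa was skipped in step 2.
SELECT name, SUSER_SNAME(sid) AS owner FROM master.dbo.sysdatabases

-- 4. Drop BUILTIN\Administrators only if both replacement logins exist,
--    have access and are sysadmin; otherwise leave it and report.
IF (SELECT COUNT(*) FROM master.dbo.syslogins
    WHERE sysadmin = 1 AND hasaccess = 1
      AND loginname IN (N'NT AUTHORITY\SYSTEM', @svc)) = 2
    EXEC sp_revokelogin N'BUILTIN\Administrators'
ELSE
    RAISERROR('Service logins are not yet sysadmin; BUILTIN\Administrators left in place.', 16, 1)
```

Once step 4 runs, Windows administrators no longer have implicit access, so confirm beforehand that the sa password is known or that each DBA has an individual sysadmin login.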