2012年2月14日星期二

disable all SA accounts remotly - access only for low user ?

Hi,
I need to access my web based SQL 2005 express edition database on 1433
using a user with minimal privileges that can only run a stored procedure. I
do this by connecting to IP / port.
Is there anyway I can disable SA using this same method but still allow SA
when I remote desktop to the machine and connect using Management Studio
Express.
I.e if I disable the account the SA account or other admin accounts I cant
login when I RDP into the machine.
The minimal privileges user can simply run a single stored procedure but
must do using 1433.
I just need to disable 1433 access for all other accounts and cant figure
out how to (I guess Management Studio Express connects using 1433 anyway so
im stuck).
If this is the case I guess I need to use SQLXML.
Thanks for any help
ScottI'm not sure, but you could try playing with something like:
DENY CONNECT ON ENDPOINT::TCP TO "sa"
(Check BOL for exact syntax)
I'm not sure whether such permissions are actually checked for sysadmins (le
t us know after your
test), and of course, you'd have to make sure some other netlib is used when
inside the private
network (like Shared Memory, which only work locally).
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www.solidqualitylearning.com/
"Scott" <www.sage-eshop.com> wrote in message news:O$T7b0J3GHA.4764@.TK2MSFTNGP05.phx.gbl...[
vbcol=seagreen]
> Hi,
> I need to access my web based SQL 2005 express edition database on 1433 us
ing a user with minimal
> privileges that can only run a stored procedure. I do this by connecting t
o IP / port.
> Is there anyway I can disable SA using this same method but still allow SA
when I remote desktop
> to the machine and connect using Management Studio Express.
> I.e if I disable the account the SA account or other admin accounts I cant
login when I RDP into
> the machine.
> The minimal privileges user can simply run a single stored procedure but m
ust do using 1433.
> I just need to disable 1433 access for all other accounts and cant figure
out how to (I guess
> Management Studio Express connects using 1433 anyway so im stuck).
> If this is the case I guess I need to use SQLXML.
> Thanks for any help
> Scott
>[/vbcol]
发帖者 insis 时间: 06:31
标签: , , , , , , , , , , , , , , , , , , ,

没有评论:

发表评论

订阅: 博文评论 (Atom)