Posted by louis on 09/28/07 14:45
Question about security best practice.
 Several best practices articles recommend removing Builtin/administrator
 from the sysadmin group.  One side effect is that several third party
 utilities will try to log in as "nt authority\system".  E.g. fulltext
 will attempt nt authority\system -- however fulltext can be configured
 to use a domain account.  Our commvault tape backup attempts to do
 "live backups" using nt authority\system.  Googling suggests that
 various viruses have attempted to exploit nt authority\system.  A
 government cookbook says you can log on as localsystem by using the
 ATScheduler.
 
 Given all this -- I am leaning towards recommending that Nt Authority\system
 should only be given data-reader rights, if any rights at all.  Please
 let me know what you think.
 
 - Louis