Posted by Laurence Breeze on 12/13/06 13:49

Thanks for your advice. I first noticed the logins in Management
Studio. I've done a bit more digging around and found some other
unexpected security objects.

Running sp_helplogins gives the 3 logins previously mentioned and 4
others I wasn't expecting:

##MS_AgentSigningCertificate##
##MS_SQLAuthenticatorCertificate##
##MS_SQLReplicationSigningCertificate##
##MS_SQLResourceSigningCertificate##

These also appear in the sys.server_principles catalog.

I'm comfortable with leaving these as they are, but I guess I always
like to "know" what unexpected database objects are for, how they work
etc. In addition, I have a centralised security system that records
DBMS server and DB permissions for multiple DBMS types. This is used by
my batch process that manages DBMS/database security each day. At the
moment for this one SQLServer 2005 server it thinks it should remove
these logins, which is a nuisence. I'll have to alter the batch job to
take account of these logins.

Thanks again.

Laurence Breeze,
DBA Team Leader,
The Open University.
UK


Erland Sommarskog wrote:
> Tony Rogerson (tonyrogerson@sqlserverfaq.com) writes:
>
>>Where are you seeing those Laurence?
>>
>>Permissioning for SQL Server 2005 is done through groups; are you sure
>>these aren't actual AD groups?
>
>
> I got the corresponding on my server (in sys.server_principals). And are
> definitely not any AD groups, as this is a workgroup machine.
>
> But they are indeed groups.
>
> I would not drop them. That could end in tears.
>
>

[Back to original message]