RE: [ms-sql 2000] linked-servers and low privilege service account.

["Scott Ramsdell" <Scott.Ramsdell () cellnet com>]

Hamid,

When you used ODBC, did you happen to configure it as a User DSN?

If you set it up as a System DSN, it should be available to all users,
at least in my experience.

Hopefully a SQL guru is on list.

Kind Regards,
 
Scott Ramsdell
CISSP, CCNA, MCSE
Security Network Engineer

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of elite_netbios () yahoo com
Sent: Tuesday, April 24, 2007 2:21 AM
To: security-basics () securityfocus com
Subject: [ms-sql 2000] linked-servers and low privilege service account.

Hi,
While hardening ms-sql 2000 for a DMZ installation, I faced
with a problem, stopping me at serious point.

While using a normal user account for running SqlService , seems it's
not
possible to use defined linked servers (linking to Oracle in this case )
because
of limited privileges. After few try and errors I noticed that only
members of "Local Administrators"
are allowed to use defined linked servers , meaning 'SqlService' account
should be
SYSTEM or a member of admin group , which is not a good idea.
currently I'm using 'OLE provider for Oracle' . I tried ODBC link but
seems this solution requires
user to be privileged too.

How can I permit my defined low-privileged user account to work properly
in such scenario ?

regards
Hamid