How to Restrict CmdExec access to the Sysadmin role
I came across a security warning from Microsoft Baseline Analyzer as it was checking out the security posture of a SQL deployment.
It highlighted the need for me to “Restrict CmdExec access to Sysadmin”. For the life of me, I didnt know how to do this, and a quick search didnt show any relevant results.
So this MSDN article outlilned the steps to take to be able to restrict cmdexec to sysadmins only.
To restrict cmdExec access to the sysadmin role
Start SQL Server Enterprise Manager, expand the SQL Server Group, and then expand your SQL Server.
Expand the Management node, right-click SQL Server Agent, and then click Properties.
The SQL Server Agent Properties dialog box is displayed.Click the Job System tab.
At the bottom of the dialog, select the Only users with SysAdmin privileges can execute CmdExec and ActiveScripting job steps check box.
Click OK.
My issue now is with the SQL 2008. It there a comparable way to do this? Or is this uneccessary in SQL 2008?
Filed under: Computing, Security
