SQL Registry Key Security

Issue

The Everyone group should not have more than Read access to the SQL Server registry keys. The server's startup configuration, including its authentication mode, is stored under these keys, so anyone who can write to them can change the authentication mode from Windows Authentication to Mixed Mode (SQL Server and Windows) without ever logging on to SQL Server, and then try to connect as the sa (system administrator) login once the service restarts. SQL Server 7.0 and 2000 Setup allow the sa login to be left with a blank password; if sa has a blank or weak password, the unauthorized person can log on with full system administrator rights.

Solution

Ensure that the Everyone group is restricted to Read access for the SQL Server registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MICROSOFT SQL SERVER

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MSSQLSERVER


WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

Instructions

  1. Click Start, click Run, and then type regedt32.exe.
  2. Expand the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MICROSOFT SQL SERVER.
  3. On the Security menu, click Permissions. (On Windows XP and later, regedt32.exe starts Regedit, where the command is on the Edit menu as Permissions.)
  4. Click Everyone, and make sure that only the Read check box is selected. If Everyone is not listed at all, no change is needed for that key.
  5. Repeat for the following key: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\MSSQLSERVER.
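The same check can be scripted, which is useful when many servers must be audited. The following script is an added example and is not part of the original article or of any Microsoft tool; it assumes a Windows version with Windows PowerShell installed and an administrator session, and it compares the Everyone group by its well-known SID (S-1-1-0) rather than by name so the check is locale-independent. Without the assumed -Fix switch it only reports; with -Fix it replaces any over-permissive Everyone entry on the two keys with a Read-only entry.

```powershell
# Added example (not from the original article): audit, and optionally repair,
# the Everyone group's rights on the two SQL Server registry keys.
# Assumed usage: .\Check-SqlRegistryAcl.ps1 [-Fix] [-WhatIf]
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Fix   # without -Fix the script only reports
)

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Microsoft SQL Server',
    'HKLM:\SOFTWARE\Microsoft\MSSQLServer'
)

# Everyone is the well-known SID S-1-1-0; compare by SID, not by the localized name.
$everyoneSid = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
# ReadKey = QueryValues | EnumerateSubKeys | Notify | ReadPermissions (0x20019).
$readOnly    = [int][System.Security.AccessControl.RegistryRights]::ReadKey

foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) {
        Write-Warning "${key}: key does not exist on this machine."
        continue
    }

    $acl = Get-Acl -Path $key
    $everyoneRules = @($acl.Access | Where-Object {
        $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]) -eq $everyoneSid
    })

    if ($everyoneRules.Count -eq 0) {
        Write-Output "${key}: Everyone has no entry (OK)."
        continue
    }

    foreach ($rule in $everyoneRules) {
        # Any Allow right outside ReadKey (SetValue, CreateSubKey, WriteKey, FullControl, ...)
        # lets Everyone rewrite the server configuration, including the login mode.
        $extra = [int]$rule.RegistryRights -band (-bnot $readOnly)
        if ($rule.AccessControlType -ne 'Allow' -or $extra -eq 0) {
            Write-Output "${key}: Everyone has $($rule.RegistryRights) (OK)."
            continue
        }

        Write-Warning "${key}: Everyone has $($rule.RegistryRights) (inherited: $($rule.IsInherited))"

        if (-not $Fix) { continue }

        if ($rule.IsInherited) {
            # An inherited entry cannot be edited here; fix it on the parent key or break inheritance.
            Write-Warning "${key}: entry is inherited from a parent key; change it there."
            continue
        }

        if ($PSCmdlet.ShouldProcess($key, 'Restrict Everyone to Read')) {
            $acl.RemoveAccessRule($rule) | Out-Null
            $readRule = New-Object System.Security.AccessControl.RegistryAccessRule(
                $rule.IdentityReference, $readOnly, 'ContainerInherit', 'None', 'Allow')
            $acl.AddAccessRule($readRule)
            Set-Acl -Path $key -AclObject $acl
            Write-Output "${key}: Everyone reduced to Read."
        }
    }
}
```

Because permissions on these keys propagate to their subkeys, restricting Everyone at the two parent keys also protects the instance-level subkeys where the configuration values live. Run with -WhatIf first to see which entries would be changed; if a rule shows generic rights (a large negative number) rather than named RegistryRights, treat it as over-permissive and inspect it in Registry Editor.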

Additional Information

SQL Server 7.0 Security

Microsoft SQL Server 2000 Security

© 2002 Microsoft Corporation. All rights reserved.