
SQL Server Directory Access
Check Description
This check verifies that access to the following Microsoft® SQL Server™ directories is limited to the SQL Server service accounts and local Administrators only:
- C:\Program Files\Microsoft SQL Server\MSSQL$InstanceName\Binn
- C:\Program Files\Microsoft SQL Server\MSSQL$InstanceName\Data
- C:\Program Files\Microsoft SQL Server\MSSQL\Binn
- C:\Program Files\Microsoft SQL Server\MSSQL\Data
Note: Folders used by MSDE may appear similar to the following when viewing reports. MBSA obtains the location of each instance of SQL or MSDE from the registry and checks all appropriate folders.
- C:\Program Files\MSDE2000aInstance01MSSQL$MSDE2KINST01\Binn
- C:\Program Files\MSDE2000aInstance01DataMSSQL$MSDE2KINST01\Data
The tool scans the access control list (ACL) on each of these folders and enumerates the users contained in the ACL. If any other users (that is, aside from the SQL Server service accounts and Administrators) have access to read or modify these folders, the tool marks this check as a vulnerability in the security report.
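The same ACL comparison can be reproduced by hand in PowerShell. The following is an added example, not MBSA's own code: the function name Test-SqlDirectoryAcl is hypothetical, the folder paths and service account are supplied by the operator instead of being read from the registry, and the sample call assumes the service runs as NT AUTHORITY\SYSTEM.

```powershell
# Added example: report ACL entries on SQL Server folders that grant access to
# anyone other than the SQL Server service account(s) and local Administrators.
function Test-SqlDirectoryAcl {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $Path,            # Binn / Data folders to audit
        [Parameter(Mandatory)] [string[]] $ServiceAccount   # assumption: supplied by the operator
    )

    # Compare by SID so that different spellings of the same account match.
    $allowed = @('S-1-5-32-544')                            # well-known SID of BUILTIN\Administrators
    foreach ($name in $ServiceAccount) {
        $account  = New-Object System.Security.Principal.NTAccount($name)
        $allowed += $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    }

    foreach ($dir in $Path) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
            Write-Warning "Skipping '$dir': folder not found"
            continue
        }
        $acl = Get-Acl -LiteralPath $dir
        # Explicit and inherited ACEs, with trustees returned as SIDs.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.AccessControlType -ne 'Allow') { continue }        # Deny entries grant nothing
            if ($allowed -contains $ace.IdentityReference.Value) { continue }

            # Resolve the SID for display; orphaned SIDs stay in raw form.
            try   { $who = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $who = $ace.IdentityReference.Value }

            [pscustomobject]@{
                Path      = $dir
                Identity  = $who
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Constructed invocation: the default-instance folders listed above, with the
# service account assumed to be NT AUTHORITY\SYSTEM (substitute the real one).
$findings = Test-SqlDirectoryAcl -ServiceAccount 'NT AUTHORITY\SYSTEM' -Path @(
    'C:\Program Files\Microsoft SQL Server\MSSQL\Binn',
    'C:\Program Files\Microsoft SQL Server\MSSQL\Data')
if ($findings) { $findings | Format-Table -AutoSize } else { 'No unexpected ACL entries found.' }
```

Each row returned is an Allow entry for a principal outside the allowed set, with the Inherited column showing whether the entry must be corrected on a parent folder.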
Additional Resources
SQL Server 7.0 Security
Microsoft SQL Server 2000 Security
©2002-2005 Microsoft Corporation. All rights reserved.