
Potential risks of users connecting to SQL Server, through Excel, as sysadmin?

Submitted by: @import:stackexchange-dba

Problem

I recently discovered that a large swath of the finance department is using Excel to connect to my SQL Server 2000 instance with an account in the sysadmin role. What are my current risks that I should immediately communicate to the powers that be?

Solution

Pretty much everything.

I'd start with their potential ability to use xp_cmdshell (and sp_configure if they can't, so then they can ... and whatever the account returned by xp_cmdshell 'whoami.exe' can do....), then move onto their ability to do drop database.

Further risks include not just finance users being able to do these things, but any program on a finance machine gaining access to your sysadmin connection credentials...

(Other potential risks include the risk of discovering that one of TPTB set it up this way)

Context

StackExchange Database Administrators Q#25425, answer score: 9
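As an added example that is not part of the original answer, the following T-SQL audit script is one way a DBA could size the exposure described above: who holds sysadmin, whether xp_cmdshell is switched on, and which live sessions from Excel-style clients carry sysadmin rights. It assumes the SQL Server 2005+ catalog views (the question's SQL Server 2000 instance does not have them), the `program_name` pattern is an assumption to adjust to your clients, and the login and database names in the remediation comments are hypothetical.

```sql
-- Added audit script (not from the original answer). Assumes SQL Server 2005 or later,
-- where sys.server_role_members, sys.server_principals, sys.configurations and
-- sys.dm_exec_sessions exist; the question's SQL Server 2000 instance lacks these views.

-- 1. Who holds sysadmin? Each of these logins can run xp_cmdshell, DROP DATABASE, etc.
SELECT  m.name AS member_login,
        m.type_desc,
        m.is_disabled
FROM    sys.server_role_members rm
JOIN    sys.server_principals r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals m ON m.principal_id = rm.member_principal_id
WHERE   r.name = N'sysadmin'
ORDER BY m.name;

-- 2. Is xp_cmdshell currently enabled? value_in_use = 1 means any sysadmin caller can
--    run OS commands under the service account (or the configured proxy account).
SELECT  name, value_in_use
FROM    sys.configurations
WHERE   name = N'xp_cmdshell';

-- 3. Which live sessions come from office-style clients while holding sysadmin?
--    program_name is whatever the client driver reports; the LIKE pattern is an
--    assumption and should be widened to match the connection strings in use.
SELECT  s.session_id, s.login_name, s.host_name, s.program_name, s.login_time
FROM    sys.dm_exec_sessions s
WHERE   s.is_user_process = 1
  AND   IS_SRVROLEMEMBER(N'sysadmin', s.login_name) = 1
  AND   s.program_name LIKE N'%Excel%';

-- 4. Remediation sketch (hypothetical names): a read-only login for the finance
--    workbooks, then removal of the shared login from sysadmin once they are repointed.
-- CREATE LOGIN [finance_reader] WITH PASSWORD = N'<strong password here>';
-- USE FinanceDB; CREATE USER [finance_reader] FOR LOGIN [finance_reader];
-- ALTER ROLE db_datareader ADD MEMBER [finance_reader];       -- SQL Server 2012+
-- EXEC sp_dropsrvrolemember N'finance_shared', N'sysadmin';  -- also works on older versions
```

Run the three SELECTs first and keep their output as evidence for the people who need to sign off on the change; only then apply the remediation block.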
