Ramblings of a DBA

Tara Kizer
posts - 165, comments - 832, trackbacks - 75

My Links

Advertisement

News

Subscribe
Search this Blog

Archives

Post Categories

Work

HOWTO run SQL Profiler without sysadmin rights

Over in the SQLTeam forums, eyechart has posted information about running SQL Profiler without sysadmin rights. 

I recently granted sysadmin rights to a developer so that he could run SQL Profiler in the development environment.  Permissions were granted for only a couple of days.  Now I won't have to do this anymore!

Print | posted on Monday, March 21, 2005 4:33 PM | Filed Under [ SQL Server - Database Administration ]

Feedback

Gravatar

# re: HOWTO run SQL Profiler without sysadmin rights

I followed your steps.Still its asking "sysadmin" rights :( Give me some detail steps...
3/24/2005 10:19 PM | Rafi
Gravatar

# re: HOWTO run SQL Profiler without sysadmin rights

Please post your question in the thread.
3/25/2005 12:50 PM | Tara
Gravatar

# re: HOWTO run SQL Profiler without sysadmin rights

if the network connections are there then surely with the permissions from admin.it will be quite difficult to do the task

3/27/2005 9:41 PM | srinivasan
Gravatar

# re: HOWTO run SQL Profiler without sysadmin rights

Huh? Please explain further.
3/28/2005 9:34 AM | Tara
Gravatar

# re: HOWTO run SQL Profiler without sysadmin rights

Hi Tara,

I just read this on your blog and was a little bit disappointed. (I read an excellent post of you on the forum and hoped that you would see the pitfall in this post).
This is a major security issue you create in your system. A developer will be sysadmin in just a few clicks. After starting the profiler a developer only has to click Tools, Enterprise Manager and now EM is started in SA context :-(

JP
7/14/2005 2:41 AM | JP
Gravatar

# re: HOWTO run SQL Profiler without sysadmin rights

Did you even test it? Or did you assume something? You know what they say about assuming...

And besides, this isn't to allow a developer access to SQL Profiler in production.

I'm already having to grant temporary sysadmin in development for this (without this trick of course), so they can already do everything that they want during that short time frame.
7/14/2005 9:42 AM | Tara
Gravatar

# re: HOWTO run SQL Profiler without sysadmin rights

This seems like a slick solution. Does it give the user a back door into sysadmin?
10/21/2005 12:54 PM | Jay
Gravatar

# re: HOWTO run SQL Profiler without sysadmin rights

Tara,

When creating the batch file, would you include the path to the profiler tool or not?

Maria
5/15/2006 8:10 AM | Maria
Gravatar

# re: HOWTO run SQL Profiler without sysadmin rights

if you create a batch file that uses choice.exe that waits for a users input then look at your windows temp folder it creates a hidden copy of the decompiled bat file which shows the 'sa' password type %temp% in your start - run window.

If you dont use a batch file that waits for user input then the temp file is deleted. There is still a chance that the file is not deleted if you close the batch file window with out using the command exit. Then the file batch file remains in the temp folder.

This is too risky for me to have the programm create unencrypted temp files
5/18/2006 4:27 AM | maxxxxel
Comments have been closed on this topic.

Powered by:
Powered By Subtext Powered By ASP.NET