And BTW, it's Sunday ... it's acceptable for MS personnel to take the
**occasional" Sunday off :-)
> Only if the user really doesn't have rights - but in all honesty I'd bet
> money the user does have the rights to control services granted somehow.
> --
> Richard Waymire, MCSE, MCDBA
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> "BP Margolin" <bpma...@attglobal.net> wrote in message
> news:eeoqOI6SCHA.2556@tkmsftngp11...
> > Richard,
> > Thanks for the information ... then this is indeed a bug, right :-(
> > BPM
> > "Richard Waymire [MS]" <rwaymi...@microsoft.com> wrote in message
> > news:#zszp85SCHA.1864@tkmsftngp12...
> > > Yup - somehow the user has windows security rights to control
services -
> > we
> > > just call the win32 APIs to control services as the user.
> > > --
> > > Richard Waymire, MCSE, MCDBA
> > > This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> > > "BP Margolin" <bpma...@attglobal.net> wrote in message
> > > news:eYFvP$pSCHA.1644@tkmsftngp08...
> > > > Johnathen,
> > > > Well, I'm out of ideas ... sorry ;-(
> > > > If no one else chimes in, you might consider opening a case with
> > Microsoft
> > > > Product Support Services. If it turns out to be a bug in Enterprise
> > > Manager,
> > > > then PSS should not charge you.
> > > > -------------------------------------------
> > > > BP Margolin
> > > > Please reply only to the newsgroups.
> > > > When posting, inclusion of SQL (CREATE TABLE ..., INSERT ..., etc.)
> > which
> > > > can be cut and pasted into Query Analyzer is appreciated.
> > > > "Johnathen Liew" <johnl...@rocketmail.com> wrote in message
> > > > news:e#fkdinSCHA.3552@tkmsftngp08...
> > > > > BP,
> > > > > I guess I didn't clearly specify the rights of the user. The user
is
> > > > holding
> > > > > a Window 2000 Login with Domain User default permissions,
therefore
> he
> > > is
> > > > > not suppose to stop any of the services of my SQL Server 2000.
> > > > > Thanks.
> > > > > Johnathen
> > > > > "BP Margolin" <bpma...@attglobal.net> wrote in message
> > > > > news:O$yHp1jSCHA.1496@tkmsftngp11...
> > > > > > Johnathen,
> > > > > > I did a quick review of this thread, and unless I'm mistaken you
> > never
> > > > > > actually answered the question about the permissions the user
has
> > re:
> > > > the
> > > > > > operating system. Forget about SQL Server for the moment. What
are
> > the
> > > > > > permissions for the user's Windows login? Would the user,
> completely
> > > > aside
> > > > > > from Enterprise Manager, be able to successfully issue a "net
> stop"
> > > for
> > > > > the
> > > > > > SQL Server Agent Services from a command prompt?
> > > > > > -------------------------------------------
> > > > > > BP Margolin
> > > > > > Please reply only to the newsgroups.
> > > > > > When posting, inclusion of SQL (CREATE TABLE ..., INSERT ...,
> etc.)
> > > > which
> > > > > > can be cut and pasted into Query Analyzer is appreciated.
> > > > > > "Johnathen Liew" <johnl...@rocketmail.com> wrote in message
> > > > > > news:enf0UrZSCHA.1644@tkmsftngp08...
> > > > > > > BP,
> > > > > > > As I said, the user uses the limited login to register the SQL
> > > server
> > > > on
> > > > > > his
> > > > > > > Enterprise Manager, but he is still able to stop the SQL Agent
> > > > > > Services....
> > > > > > > Any ideas?
> > > > > > > Johnathen
> > > > > > > "BP Margolin" <bpma...@attglobal.net> wrote in message
> > > > > > > news:Ov$ZuwTSCHA.3360@tkmsftngp11...
> > > > > > > > Johnathen,
> > > > > > > > Thanks for the additional information.
> > > > > > > > Check the login used to register SQL Server within
Enterprise
> > > > Manager
> > > > > > ...
> > > > > > > > Right-click the server name, choose Properties, choose "Edit
> SQL
> > > > > Server
> > > > > > > > Registration properties ..."
> > > > > > > > -------------------------------------------
> > > > > > > > BP Margolin
> > > > > > > > Please reply only to the newsgroups.
> > > > > > > > When posting, inclusion of SQL (CREATE TABLE ..., INSERT
...,
> > > etc.)
> > > > > > which
> > > > > > > > can be cut and pasted into Query Analyzer is appreciated.
> > > > > > > > "Johnathen Liew" <johnl...@rocketmail.com> wrote in message
> > > > > > > > news:uKqBGJNSCHA.3736@tkmsftngp11...
> > > > > > > > > Hi BP,
> > > > > > > > > Sorry for the lack of exact information. This restricted
> user
> > is
> > > > > > suppose
> > > > > > > > to
> > > > > > > > > connect thru the SQL Server by means of SQL Client Tools
and
> > > > > > > Connectivity.
> > > > > > > > > He will use Enterprise Manager to execute the DTS package.
> We
> > > > found
> > > > > > out
> > > > > > > > > that, he is able to stop the SQL Agent Service by going
into
> > > > > > Enterprise
> > > > > > > > > Manager, right-clicking the SQL Agent Service, and stop
it.
> > This
> > > > > user
> > > > > > is
> > > > > > > > > holding a SQL login, and is not holding any Windows 2000
> login
> > > in
> > > > > the
> > > > > > > SQL
> > > > > > > > > Server.
> > > > > > > > > Any ideas?
> > > > > > > > > Johnathen
> > > > > > > > > "BP Margolin" <bpma...@attglobal.net> wrote in message
> > > > > > > > > news:O8PQ$jLSCHA.1648@tkmsftngp08...
> > > > > > > > > > Johnathen,
> > > > > > > > > > You might indicate in the future the exact process by
> which
> > > the
> > > > > user
> > > > > > > is
> > > > > > > > > able
> > > > > > > > > > to stop the SQL Server Agent service.
> > > > > > > > > > It sorta sounds as if you are mixing SQL Server
> permissions
> > > with
> > > > > > that
> > > > > > > of
> > > > > > > > > the
> > > > > > > > > > operating system.
> > > > > > > > > > Stopping a service ... regardless if it is the SQL Agent
> > > > service,
> > > > > or
> > > > > > > any
> > > > > > > > > > other ... is a function of the rights of the user
defined
> on
> > > the
> > > > > > > > operating
> > > > > > > > > > system.
> > > > > > > > > > To express this another way ... the SA is god within SQL
> > > Server,
> > > > > > > right.
> > > > > > > > > > Well, unless the SA has the requisite operating system
> > > > > permissions,
> > > > > > > the
> > > > > > > > SA
> > > > > > > > > > can NOT start the SQL Server service. (BTW, just to
> > completely
> > > > > > > accurate,
> > > > > > > > > the
> > > > > > > > > > SA can stop SQL Server via the SHUTDOWN command, even if
> the
> > > SA
> > > > > > would
> > > > > > > > not
> > > > > > > > > > normally have the operating system permissions to stop
the
> > SQL
> > > > > > Server
> > > > > > > > > > service.)
> > > > > > > > > > Review the operating system rights granted the user.
> > > > > > > > > > -------------------------------------------
> > > > > > > > > > BP Margolin
> > > > > > > > > > Please reply only to the newsgroups.
> > > > > > > > > > When posting, inclusion of SQL (CREATE TABLE ..., INSERT
> > ...,
> > > > > etc.)
> > > > > > > > which
> > > > > > > > > > can be cut and pasted into Query Analyzer is
appreciated.
> > > > > > > > > > "Johnathen Liew" <johnl...@rocketmail.com> wrote in
> message
> > > > > > > > > > news:uvvEeaLSCHA.1756@tkmsftngp11...
> > > > > > > > > > > Hi,
> > > > > > > > > > > We have a scenerio, where we need to create a DTS
> package,
> > > > which
> > > > > > is
> > > > > > > > run
> > > > > > > > > by
> > > > > > > > > > a
> > > > > > > > > > > designated user. This user should have no other rights
> > other
> > > > > than
> > > > > > > > > running
> > > > > > > > > > > the DTS package. We created a login, with no Fixed
> Server
> > > > Roles
> > > > > > and
> > > > > > > no
> > > > > > > > > > > Database Roles. This user is able to execute the
> package,
> > > but
> > > > he
> > > > > > is
> > > > > > > > able
> > > > > > > > > > to
> > > > > > > > > > > stop the SQL Agent services as well, which is bad, but
> he
> > > > cannot
> > > > > > > > > > drop/create
> > > > > > > > > > > tables, which is good.
> > > > > > > > > > > Is this a SQL Server bug? Any idea anyone?
> > > > > > > > > > > We are using SQL Server 2000 Enterprise Edition with
> SP2.
> > > > > > > > > > > Thanks
> > > > > > > > > > > Johnathen Liew
> > > > > > > > > > > "Donna Lambert [MS]" <dlamb...@online.microsoft.com>
> wrote
> > > in
> > > > > > > message
> > > > > > > > > > > news:I0wk$8URCHA.2468@cpmsftngxa06...
> > > > > > > > > > > > Adrian,
> > > > > > > > > > > > Seems like it would be much simpler to password
> protect
> > > your
> > > > > dts
> > > > > > > > > > packages.
> > > > > > > > > > > > Just a suggestion.
> > > > > > > > > > > > Donna Lambert
> > > > > > > > > > > > Microsoft SQL Server Support
> > > > > > > > > > > > Disclaimer:
> > > > > > > > > > > > This posting is provided "AS IS" with no warranties,
> and
> > > > > confers
> > > > > > > no
> > > > > > > > > > > rights.
> > > > > > > > > > > > Are you secure? For information about the Microsoft
> > > > Strategic
> > > > > > > > > Technology
> > > > > > > > > > > > Protection Program and to order your FREE Security
> Tool
> > > Kit,
> > > > > > > please
> > > > > > > > > > visit
> > > > > > > > > > > > http://www.microsoft.com/security.
> > > > > > > > > > > > Recent viruses on the Internet
...
by