local security policy ?

ranjitcoolranjitcool Member Posts: 80 ■■□□□□□□□□
Hey Guys,

I had to setup a user to run the Mysql database on a windows server 2003 (sounds weird right)

How do i set the user to have limits when he logs in to the system.

for instance, if the user logs in i dont want him to change time or see control panel or access c drive.

is it group policy right ?

let me know i am new to windows servers.

thanks
rj
Cleared Network+, MCTS.
Want to clear - CCSA, CCNA, VCP for now.

Spending time @ www.itgrunts.com - Tech Juice, Not from Concentrate!

Comments

  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Does he actually need to log on to the server? There are tools from MySQL as well as other 3rd parties that will allow you to administer the server. I have it running on one of my servers, and I haven't logged on to that server once to administer it in over three years (when I originally installed it).

    But yes, you can set all that up in group policy.
  • ranjitcoolranjitcool Member Posts: 80 ■■□□□□□□□□
    Thanks for the reply,

    no he doesnt need to log onto the server.

    the service needs to run under that user account, this is for the mysql security.

    it states that the user account under which mysql runs should be thoroughly restricted.

    also how do i block its access to c drives and other drives. i gave the account access to mysql folder so does it mean it automatically does not have access to other drives?

    please let me know

    thanks
    rj
    Cleared Network+, MCTS.
    Want to clear - CCSA, CCNA, VCP for now.

    Spending time @ www.itgrunts.com - Tech Juice, Not from Concentrate!
  • gojericho0gojericho0 Member Posts: 1,059 ■■■□□□□□□□
    what kind of user is the sql service account? normally when you run the service as a user instead built in service account (local service least restrictive) you have more security issues because the process can access more things
  • ranjitcoolranjitcool Member Posts: 80 ■■□□□□□□□□
    hey guys,

    ok now i am a little confused, this is what i did.

    i created a local account on the server and assigned a password for it.

    added it to a mysql group.

    then changed the service for mysql to run under this account that i just created.

    I also gave the account rights to access (security and sharing) for the mysql folder.

    am i doing it right ? any other secure method ?

    now mysql runs as a service which is initiated by the local user i created.

    thanks
    rj
    Cleared Network+, MCTS.
    Want to clear - CCSA, CCNA, VCP for now.

    Spending time @ www.itgrunts.com - Tech Juice, Not from Concentrate!
  • dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Check out that link I posted. They walk you through everything.
  • ranjitcoolranjitcool Member Posts: 80 ■■□□□□□□□□
    its a pretty good link

    thanks looking at it now!

    rj
    Cleared Network+, MCTS.
    Want to clear - CCSA, CCNA, VCP for now.

    Spending time @ www.itgrunts.com - Tech Juice, Not from Concentrate!
  • dvalenzueladvalenzuela Member Posts: 123
    ranjitcool wrote:
    Hey Guys,

    I had to setup a user to run the Mysql database on a windows server 2003 (sounds weird right)

    How do i set the user to have limits when he logs in to the system.

    for instance, if the user logs in i dont want him to change time or see control panel or access c drive.

    is it group policy right ?

    let me know i am new to windows servers.

    thanks
    rj

    You can administer the DB through commands being a Administrator of the DB..
    close to MCSA!!
Sign In or Register to comment.