local security policy ?

Hey Guys,

I had to setup a user to run the Mysql database on a windows server 2003 (sounds weird right)

How do i set the user to have limits when he logs in to the system.

for instance, if the user logs in i dont want him to change time or see control panel or access c drive.

is it group policy right ?

let me know i am new to windows servers.

thanks
rj

Find more posts tagged with

Comments

dynamik

Does he actually need to log on to the server? There are tools from MySQL as well as other 3rd parties that will allow you to administer the server. I have it running on one of my servers, and I haven't logged on to that server once to administer it in over three years (when I originally installed it).

But yes, you can set all that up in group policy.

ranjitcool

Thanks for the reply,

no he doesnt need to log onto the server.

the service needs to run under that user account, this is for the mysql security.

it states that the user account under which mysql runs should be thoroughly restricted.

also how do i block its access to c drives and other drives. i gave the account access to mysql folder so does it mean it automatically does not have access to other drives?

please let me know

thanks
rj

dynamik

Check this out: http://dev.mysql.com/tech-resources/articles/securing_mysql_windows.html

gojericho0

what kind of user is the sql service account? normally when you run the service as a user instead built in service account (local service least restrictive) you have more security issues because the process can access more things

ranjitcool

hey guys,

ok now i am a little confused, this is what i did.

i created a local account on the server and assigned a password for it.

added it to a mysql group.

then changed the service for mysql to run under this account that i just created.

I also gave the account rights to access (security and sharing) for the mysql folder.

am i doing it right ? any other secure method ?

now mysql runs as a service which is initiated by the local user i created.

thanks
rj

dynamik

Check out that link I posted. They walk you through everything.

ranjitcool

its a pretty good link

thanks looking at it now!

rj

dvalenzuela

ranjitcool wrote:

Hey Guys,

I had to setup a user to run the Mysql database on a windows server 2003 (sounds weird right)

How do i set the user to have limits when he logs in to the system.

for instance, if the user logs in i dont want him to change time or see control panel or access c drive.

is it group policy right ?

let me know i am new to windows servers.

thanks
rj

You can administer the DB through commands being a Administrator of the DB..