Thanks for your advice. I first noticed the logins in Management
Studio. I've done a bit more digging around and found some other
unexpected security objects.
Running sp_helplogins gives the 3 logins previously mentioned and 4
others I wasn't expecting:
##MS_AgentSigningCertificate##
##MS_SQLAuthenticatorCertificate##
##MS_SQLReplicationSigningCertificate##
##MS_SQLResourceSigningCertificate##
These also appear in the sys.server_principles catalog.
I'm comfortable with leaving these as they are, but I guess I always
like to "know" what unexpected database objects are for, how they work
etc. In addition, I have a centralised security system that records
DBMS server and DB permissions for multiple DBMS types. This is used by
my batch process that manages DBMS/database security each day. At the
moment for this one SQLServer 2005 server it thinks it should remove
these logins, which is a nuisence. I'll have to alter the batch job to
take account of these logins.
Thanks again.
Laurence Breeze,
DBA Team Leader,
The Open University.
UK
Erland Sommarskog wrote:
Tony Rogerson (to**********@sqlserverfaq.com) writes:
>>Where are you seeing those Laurence?
Permissioning for SQL Server 2005 is done through groups; are you sure
these aren't actual AD groups?
I got the corresponding on my server (in sys.server_principals). And are
definitely not any AD groups, as this is a workgroup machine.
But they are indeed groups.
I would not drop them. That could end in tears.
