
Only authorized users should be assigned permissions to SQL Server Agent proxies.


Overview

Finding ID: V-15125
Version: DM6045-SQLServer9
Rule ID: SV-23851r1_rule
IA Controls: ECAN-1
Severity: Medium
Description
Database accounts granted access to SQL Server Agent proxies are granted permissions to create and submit specific function job steps to be executed by SQL Server Agent. Unauthorized users may use access to proxies to execute unauthorized functions against the SQL Server instance or host operating system.
STIG: Microsoft SQL Server 2005 Instance Security Technical Implementation Guide
Date: 2015-04-03

Details

Check Text ( None )
None
Fix Text (F-14809r1_fix)
Note: SYSADMINs have access to all proxies by default.

For each user or group granted unauthorized access to a proxy (identified from the SP_ENUM_PROXY_FOR_SUBSYSTEM results):

From the query prompt:

EXEC msdb.dbo.SP_REVOKE_LOGIN_FROM_PROXY '[login name]', @proxy_name = '[proxy name]'

Replace [proxy name] with the name of the proxy and replace [login name] with the name returned by the SP_ENUM_PROXY_FOR_SUBSYSTEM procedure.
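
The finding carries no check text, so the following is an added example (not part of the STIG) of one way to list every principal explicitly granted to a proxy and draft the matching revoke statements. It reads the msdb tables sysproxylogin and sysproxies; the @authorized table and its single row are constructed placeholders for the grants your own documentation approves. Members of SYSADMIN do not appear because their access is implicit.

```sql
-- Added example: audit principals granted to SQL Server Agent proxies.
USE msdb;

-- Approved (proxy, principal) pairs. Constructed placeholder values:
-- replace with the grants your documentation authorizes.
DECLARE @authorized TABLE (proxy_name sysname, principal_name sysname);
INSERT INTO @authorized (proxy_name, principal_name)
SELECT N'ExampleProxy', N'EXAMPLE\AgentJobOwners';

-- One row per explicit grant. Grants missing from @authorized are marked
-- REVIEW and get a drafted revoke statement; nothing is executed here.
-- A NULL principal_name means the stored SID no longer resolves to a name.
SELECT  p.name AS proxy_name,
        p.enabled,
        CASE pl.flags WHEN 0 THEN 'login'
                      WHEN 1 THEN 'fixed server role'
                      WHEN 2 THEN 'msdb database role' END AS principal_type,
        COALESCE(sp.name, dp.name) AS principal_name,
        CASE WHEN a.principal_name IS NULL THEN 'REVIEW'
             ELSE 'approved' END AS status,
        CASE WHEN a.principal_name IS NULL
                  AND COALESCE(sp.name, dp.name) IS NOT NULL THEN
             N'EXEC msdb.dbo.sp_revoke_login_from_proxy @name = '
             + QUOTENAME(COALESCE(sp.name, dp.name), '''')
             + N', @proxy_name = ' + QUOTENAME(p.name, '''') + N';'
        END AS revoke_statement
FROM    dbo.sysproxylogin AS pl
JOIN    dbo.sysproxies AS p
        ON p.proxy_id = pl.proxy_id
LEFT JOIN sys.server_principals AS sp      -- logins and fixed server roles
        ON sp.sid = pl.sid AND pl.flags IN (0, 1)
LEFT JOIN sys.database_principals AS dp    -- msdb database roles
        ON dp.sid = pl.sid AND pl.flags = 2
LEFT JOIN @authorized AS a
        ON a.proxy_name = p.name
       AND a.principal_name = COALESCE(sp.name, dp.name)
ORDER BY p.name, principal_name;
```

Review each REVIEW row against the approved list before running its revoke_statement, then re-run the query to confirm the grant is gone.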