
Changing security setting using External Server Accounts

Question asked by Karnel on Jan 24, 2012
Latest reply on Jan 30, 2012 by RayCologon

I've seen several posts regarding External Server Accounts (ESA) not being able to change security settings. I actually liked the idea that I could set up a local full access account that was the only account that had ultimate control over security, and ESAs could have access to everything (including database management) but not security.

I was using this as an added level of security until I realized there is a way for an ESA to change security settings! I discovered an ESA can't change existing accounts, but it can create a new full access local account and then use the new account to authenticate the changes. Does anyone know how to prevent an ESA from creating a new full access local account?
