Chapter 16 -- Security

Chapter 16

This chapter will summarize some of the security-related issues we've looked at in earlier chapters, such as Microsoft Systems Management Server (SMS) accounts, and introduce a few new topics. We'll begin with an overview of the NTFS security SMS itself places on various directories. Then we'll review the use of internal and manually created SMS accounts and group accounts. You'll also learn how to set permissions on SMS objects through the SMS Administrator Console and how to create a custom SMS Administrator Console that incorporates SMS object security.

SMS builds several levels of security into its overall security model. At the top layer, SMS of course uses Microsoft Windows NT security—NTFS and share permissions, internal and system accounts, and internal groups. Next, the SMS Provider and Windows Management Instrumentation (WMI) security are established, including access control over SMS objects in the SMS Administrator Console. This level of security can be applied at the class or instance level, as we'll see in the section "Permissions and Security Objects" later in this chapter. Finally, security is enforced at the SQL server level through the use of integrated or standard security, as discussed in Chapter 2.