I posted this on the SQL newsgroup but I have received no answers so I am
reposting here.

THE PROBLEM
When I came into the office today I hit ctrl-alt-del and brought up the
logon menu. To my surprise the name in the User field was "SQLDebugger".
I was under the impression that this account was used only internally to the
program and that by default it did not have local account logon privileges.

Further, the event logs show five logons by the SQLDebugger from the IP
address 222.137.205.131...mainland china...

THE QUESTION
Is there a loophole being exploited?
Where can I disable or restrict this account?
It is not listed in Active Directory.

Any help would be greatly appreciated.

Re: SQLDebugger Logon Locally by Susan

Susan
Thu Jun 26 13:50:53 PDT 2008

Call 1-866-pcsafety
Instruct them that you need to speak to a PSS Security representative
that does forensic analysis of Servers.

Ping me back.
This needs to get looked at ASAP.


Liam Hawthorne wrote:
> I posted this on the SQL newsgroup but I have received no answers so I am
> reposting here.
>
> THE PROBLEM
> When I came into the office today I hit ctrl-alt-del and brought up the
> logon menu. To my surprise the name in the User field was "SQLDebugger".
> I was under the impression that this account was used only internally to the
> program and that by default it did not have local account logon privileges.
>
> Further, the event logs show five logons by the SQLDebugger from the IP
> address 222.137.205.131...mainland china...
>
> THE QUESTION
> Is there a loophole being exploited?
> Where can I disable or restrict this account?
> It is not listed in Active Directory.
>
> Any help would be greatly appreciated.
>
>

Re: SQLDebugger Logon Locally by Susan

Susan
Thu Jun 26 13:52:22 PDT 2008

Liam Hawthorne wrote:
> I posted this on the SQL newsgroup but I have received no answers so I am
> reposting here.
>
> THE PROBLEM
> When I came into the office today I hit ctrl-alt-del and brought up the
> logon menu. To my surprise the name in the User field was "SQLDebugger".
> I was under the impression that this account was used only internally to the
> program and that by default it did not have local account logon privileges.
>
> Further, the event logs show five logons by the SQLDebugger from the IP
> address 222.137.205.131...mainland china...
>
> THE QUESTION
> Is there a loophole being exploited?
> Where can I disable or restrict this account?
> It is not listed in Active Directory.
>
> Any help would be greatly appreciated.
>
>
Can you ping me at sbradcpa-at-pacbell.net with your email address? I
want to ensure this gets handled appropriately.