Disabling Logins Isn’t Enough

Shane O’Neill walks through how disabled, unused sysadmin accounts can still compromise your system:

Notice that “Enabler” as part of securityadmin can see the disabled “AllThePower” login?

Great, we can see it, so let’s promote our CopyCat login!

Part of what makes security so hard is that it’s not enough to think of what a single principal can do; it’s what a chain of principals can do.
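To review that chain on an instance, the following audit queries are an added example, not code from Shane O’Neill's post. They use the standard catalog views `sys.server_principals`, `sys.server_role_members` and `sys.server_permissions`, and assume you run them as a sysadmin so that every login is visible; the login name in the final comment is a placeholder.

```sql
-- 1. Disabled logins that are still members of sysadmin.
--    Disabling a login blocks connecting with it, but leaves role membership in place.
SELECT  l.name        AS disabled_login,
        l.type_desc   AS login_type,
        l.modify_date AS last_modified
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals   AS l ON l.principal_id = rm.member_principal_id
WHERE   r.name = N'sysadmin'
  AND   l.is_disabled = 1
ORDER BY l.name;

-- 2. Who is in securityadmin, i.e. who can see and manage those logins.
SELECT  m.name        AS securityadmin_member,
        m.type_desc   AS login_type,
        m.is_disabled
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE   r.name = N'securityadmin'
ORDER BY m.name;

-- 3. Explicit permissions that other principals hold ON the disabled sysadmin logins.
--    class 101 = SERVER_PRINCIPAL; major_id is the principal_id of the target login.
SELECT  t.name            AS disabled_sysadmin_login,
        g.name            AS grantee,
        p.permission_name,
        p.state_desc
FROM    sys.server_permissions  AS p
JOIN    sys.server_principals   AS t  ON t.principal_id = p.major_id
JOIN    sys.server_principals   AS g  ON g.principal_id = p.grantee_principal_id
JOIN    sys.server_role_members AS rm ON rm.member_principal_id = t.principal_id
JOIN    sys.server_principals   AS r  ON r.principal_id = rm.role_principal_id
WHERE   p.class = 101
  AND   r.name = N'sysadmin'
  AND   t.is_disabled = 1
ORDER BY t.name, g.name;

-- Remediation for each row returned by query 1 (placeholder login name):
-- ALTER SERVER ROLE sysadmin DROP MEMBER [<disabled_login>];
```

Any row from the first query is a login whose privileges outlived its use; rows from the second and third show which other principals sit next to it in the chain.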
