Restricting Interactive Logon Access

For maximum security, you should restrict which users have interactive logon access to the computer on which Microsoft SQL Server Analysis Services is running. Analysis Services users and administrators do not need to log on locally to access data or manage the instance of Analysis Services. Instead, these users can connect to the instance across the network, and therefore they require only network access rights.

On a member server in a domain, all members of the Users local group have permission to log on interactively. Because the Domain Users global group is added to the Users local group when a computer joins a domain, by default all domain users have permission to log on interactively to the computer on which Analysis Services is running. You should change this default by using the Local Security Policy tool, which is located in the Administrative Tools group on the computer.. For more information, see your Windows documentation or MSDN.

To increase the security of the Analysis Services computer more, consider taking the following steps:

  • Rename the default Microsoft Windows Administrator account and make sure that this account has a strong password.

  • Make sure that the Windows Guest account is disabled; this is the default.

  • Enable strong password policies for the Windows operating system by using the Local Security Policy tool. The strong password policy is enabled by default in Microsoft Windows Server 2003.