hi,

I'm creating an app on local machines. These have a personal edition of as
installed.

What I want to do is secure the AS that I can only connect with our
application local user. Big problem is off course the local admin account.
I've deleten the OLAP Admin group of the machine. But the local admin still
can see everyting even if he doesn't have any rights to the OLAP database...

Anyone an idea?

Regards,
Nico

At http://support.microsoft.com/default...b;en-us;231951 you can
find a list of the permissions needed to administer an Analysis server.
Local administrators have all of this permissions, so they will be always
able to administer your analysis server

Francesco Anti

"verbani" <verbani (AT) discussions (DOT) microsoft.com> wrote

Look in the SP4 release notes, you will see that there is a new registry
setting which will disable the automatic granting of OLAP Administrator
permissions for machine administrators. However, it is still not full-proof
situation because any machine administrator can also add themselves to the
OLAP Administrators group by-hand. Thus the real bottom line is that there
isn't a real way to lock out an Administrator -- although with then new
registry setting you can at least force them to explicitly give themselves
OLAP Administrator permissions.

BTW: What is "personal edition of Analysis Services"? We have no such
product. What I think you mean is Developer Edition (which does include a
license for Analysis Services).

--
Dave Wickert [MSFT]
dwickert (AT) online (DOT) microsoft.com
Program Manager
BI SystemsTeam
SQL BI Product Unit (Analysis Services)
--
This posting is provided "AS IS" with no warranties, and confers no rights.


"Francesco Anti" <fanti_ (AT) _sicosbt (DOT) it> wrote

Dave,

So if I understand correctly if I delete the olap admin group would it then
be more secure if I also use the SP4?


BTW: There is a version of SQL Server called personal edition. It is
delivered with the entreprise and standard edition. And is meant as an
aditional part of an existing solution to be able to also work offline.

"Dave Wickert [MSFT]" wrote:

Dave,

I've installed SP4. (I checked the version of AS after installation, and it
was applied) The registry entry wasn't created automatically so I created it
manually.

But as administrator I can still connect to my cubes? What am I doing wrong?

Regards,
Nico

"Dave Wickert [MSFT]" wrote:

1) Are you specifically included in the OLAP Administrators group? If so,
then remove yourself. You must have at least *ONE* user specifically in the
OLAP Administrators group -- otherwise no one can administer your machine
since you've removed machine administrators from being also treated as OLAP
administrators by setting this flag in the registry.
2) I believe that you have to reboot for the registry changes to be
recognized by SP4
--
Dave Wickert [MSFT]
dwickert (AT) online (DOT) microsoft.com
Program Manager
BI SystemsTeam
SQL BI Product Unit (Analysis Services)
--
This posting is provided "AS IS" with no warranties, and confers no rights.


"verbani" <verbani (AT) discussions (DOT) microsoft.com> wrote

Dave,

The OLAP Administrators group is deleted. No one must administer these
machines. The only thing that has to be done is to be able to restore an
archive. And view data.

I've tried all. But still no results. I'm working with a virtual machine
to test. Could this be the problem???

Regards,
Nico

"Dave Wickert [MSFT]" wrote: