One of the features of SSRS is that it allows users to store their credentials so that they can be used to execute the reports.
The problem is that in order to store the credentials, the credential must be granted "Log on locally" permission.
more details here
http://social.msdn.microsoft.com/Forums/en-US/sqlreportingservices/thread/198d2dd1-0faa-4514-b6e3-7ca5ea11c48a
Obviously this is a huge concern for me as an admin because now for all people who want to define a data source with stored credentials, they need to be granted "Log on locally" permission.
My questions is
1. If a user is granted log on locally permission. what can they do on the server?
a. can they remotely login
b. can they use powershell to do remoting
c. any other form of remote access?
b. any ability to program against the server
Also,
2. How can I minimize the effect of this permission? is it possible for me to grant this permission just so that the credential can be stored on the server but practically the user is not able to do anything with the server apart from the creation of data
source?
MSDNStudent Knows not much!
Need to support users over the internet? click here try our remote control online beta
Other recent topics
