Account To Access SQL
Sep 28, 2005What is the best way of accessing a sql server on a live server? shall I use Integrated windows or use a special user account? If I use a user account, what are the needed priviledges to give it?
thank you
ADVERTISEMENT
Whether To Use Local System Account Or Domain Account For Service Account
Jan 5, 2006During install of SQL Server 2005, we can of course use a domain account or the built-in system account for running the services. I lean toward domain for obvious reaons but would like to know a +/- to each option and why I'd choose one over the other and what consequences or limitations one may encounter if I choose one over the other.
View 6 Replies View RelatedSA Account Access
Aug 3, 2007is there a way to limit the access of an sa account?
ex. preventing the sa acct. to view a table defenition or drop a table
Domain Account Trying To Access SQL
Oct 5, 2007
Hello,
I am seeing a couple of domain/username accounts trying to access SQL 2k5 SP2 and get the error above. The concern I have is these accounts shouldn't be trying to access SQL at all and do not exist is SQL hence the error The question I have is how can I track down what is trying to use this account and connect to sql? Thanks in advance.
John
SQL Server Log:
Message
Login failed for user 'DOMAIN ampbell'. [CLIENT: <named pipe>]
Message
Error: 18456, Severity: 14, State: 27.
Localsystem Account Access Deny
Jun 14, 2004Hi All,
I have a SQL server, as I use a domain account to log on to SQL server and Sql server agent, all maintanence plans work good, since I changed from a domain into Localsystem account to log on to SQL server, and Sql server agent, all maintanence plans didn't work any more, then I tried only keep Localsystem account at SQl server , using a domain log on to Sql server agent, but it's still failed to maintanence plans. The error in job history is"Executed as user: candyl. sqlmaint.exe failed. [SQLSTATE 42000] (Error 22029). The step failed.". And the message at Sql server log is :"BackupDiskFile::CreateMedia: Backup device 'D:Database BackupsNoon BackupESMDEV_db_200406141548.BAK' failed to create. Operating system error = 5(Access is denied.)". It looks like permission problem, but for Localsystem account which should has full permission, right? I tried may ways and searched from knowledge base , still couldn't find the related solution.
Anyone can give me some advices?
Thanks.
Sys Admin Cant Access SQL Server. Only SA Account Can?
Jul 20, 2005Hi All hope you can help.I have a SQL 2k Standard Ed. SP3 server that is in mixed securitymode.I have logged into EM with the sa account.Then added a Active Directory group (i.e. DomainDBAdmins) to theSystem Administrators for that server.When I try and modify the SQL server registration in EM to use trustedauthentication instead of sa I get a connection failed. Any ideas?Thanks,
View 3 Replies View RelatedHow Can I Create Account With Read Only Access?
Feb 5, 2008
Hello,
We have SQL Server 2005 with 300+ databases in it. It was set up by the conractor. How can I create new account with read-only access to all databases? Is there any "quick" method of doing it (like in Sybase, it is very easy). I've created new login, but I do not see where can I set up the permissions properly. Thanks
Slow Access Unless Administrator Account
Jun 27, 2006We have an issue with accessing SQL Server 2000 where the access of data from the database is slow unless the user is logged in as an administrator to their computer.
The system is as follows: SQL Server 2000 on a W2K server. Users logging into a Win 2003 domain server. Users using W2K on their workstations. Application is VB.NET using the Enterprise Library Data Block, connection pooling ON, and windows authentication.
We are assuming that the issue is down to one of authentication and that when a user is set as an administrator then they have instant access. We have been able to replicate the issue using just SQL server on a W2K workstation and accessing from another W2K workstation. Again data access is way slow unless the account is an administrator.
Glad of any ideas folks!
Kind Regards
Ian Logan
How To Give ASPNET Account Permission To Access DB's
Jun 16, 2005I'm creating one of my first asp.net pages, and it accesses an MS SQL database.It runs fine locally, but if you go to it remotely through a web browser, you get an exception saying that the database login failed for user ASPNET.My brother told me to do the following in SQL Server Managment studio. It seems I don't have that program installed, so I did it from the SQL command prompt.CREATE LOGIN [bigblueASPNET] FROM WINDOWSuse AdventureWorkscreate user [bigblueASPNET](Where "bigblue" is the computer name and "AdventureWorks" is the database my asp.net web page reads from).This only partially fixed the problem - now when you open the page remotely and try to access the DB I get an error message saying that permission to use the SELECT command is denied.I searched on these forums, and found this:http://forums.asp.net/69166/ShowPost.aspxFor future reference, let's call what my brother told me "Method 1" and what the previous poster did as "Method 2."I haven't tried method 2 because I don't know exactly what I am giving ASPNET permission to do. Does method 2 enable ASPNET to do anything to any database? It seems method 1 is more secure, as from the commands I could already tell it only has permission to access AdventureWorks.So, I'd prefer to use method 1. Can anyone tell me what further commands I can use to give ASPNET permission to do specific actions?If I can't figure out method 1 and have to do method 2, how can I undo what I did in method 1?Thanks!
View 1 Replies View RelatedSetting Up Access For Network Service Account
Mar 6, 2007I am trying to connect to a sql server from my asp.net application via windows authentication using the Network Service account. When I try to create a login for the ComputerNameNetwork Service account I get the following error.
I know I haven't mistyped it because I clicked the check names button and it showed as a valid id.
So what gives?
TITLE: Microsoft SQL Server Management Studio Express
------------------------------
Create failed for Login 'PREMIERDCNetwork Service'. (Microsoft.SqlServer.Express.Smo)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=9.00.3042.00&EvtSrc=Microsoft.SqlServer.Management.Smo.ExceptionTemplates.FailedOperationExceptionText&EvtID=Create+Login&LinkId=20476
------------------------------
ADDITIONAL INFORMATION:
An exception occurred while executing a Transact-SQL statement or batch. (Microsoft.SqlServer.Express.ConnectionInfo)
------------------------------
Windows NT user or group 'PREMIERDCNetwork Service' not found. Check the name again. (Microsoft SQL Server, Error: 15401)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&ProdVer=09.00.3042&EvtSrc=MSSQLServer&EvtID=15401&LinkId=20476
------------------------------
BUTTONS:
OK
------------------------------
SQL Server 2008 :: Unable To Access Database Using Service Account
Jun 22, 2015I'm trying to connect to a database using a service account that we got created. The ID is an AD account and was added to the db as such. When I try to connect to the database using the account with the password I get [login failed for domainid]. The DBA mentioned that its setup to use windows auth, however, I can't connect with this service account using windows Auth, due to I'm using to connect via code.
How can I connect to the database from my code using this ID?
I have the ID and pwd in my code to connect with, does the ID have to be setup differently in the Database?
Reporting Services :: Data Source Account And Folder Access
Apr 28, 2015I have a question about ssrs security. In report manager I have set a list of users as browsers, and the builtin administrators are content manager in the parent folder where reports are. A user that is not an administrator and neither a user I added, has access to reports.
I'm thinking this person is having access because the data source of the reports use a administrator account to connect to the analysis services using the option Credentials stored securely in the report server with the 2 checkboxes marked (use as windows credentials when connecting to the data source and impersonate the authenticated user).
I simply marked this option because SSRS is in 1 server and SSAS in other and I think kerberos need to be configured and I haven't looked into it, but I think the report access is separated from the data source.
SQL Database User Account Access Remotely Via SQL Management Studio Express
Aug 20, 2007Hi, I hope you can help.I have configured a Windows 2003 web server and SQL 2005 Server (on same box) to successfully allow remote connections and to allow access via SQL Server Management Studio Express 2005.The problem I have is that I want to restrict access to the databases on the server via the Management Studio to specific databases e.g. 1 database user "sees" only 1 database.I can configure it so that the user's remote access permissions do not allow access to other databases but they can still "see" the database listed in the Management Studio explorer.I can also configure it so that the users cannot see all the databases (by disabling View All Databases on SQL Server), but this means that they cannot not see their own database which they have permissions for.Is it impossible to have the desired behaviour of only displaying the database which the remote user accessing has permissions for and hiding all other databases?I have MSN'd,Googled and Yahoo'd this one to no avail :(Many thanksFergus
View 6 Replies View RelatedSQL Server 2008 :: Create Authentication Account With Read-write Access To Only 1 Table?
Apr 7, 2015How can I create a SQL authentication account with read-write access to only 1 table in a SQL database.
View 1 Replies View RelatedSA Account (DBA System Account) Granting Priveleges But SQL Server 2000 Not Applying Them
Dec 4, 2006I have been running a script in SQL Server 2000 as sa also as a Active Directory user who has administrator rights (I tested both approaches SQL Server then Windows Authentication) in Query Analyser which grants execute rights to the stored procedures within the database instance and Query Analyser does not give any errors when I run the script. I have made sure that each transaction has a go after it. I then return to Enterprise Manager, check the rights (I apply them to roles so that when we create another SQL Server user we just grant him/her rights to the role) and discover that the role has not been granted the rights. I seems to be occurring only with 2 of the procedures. Is there a known bug that might be causing this?
yours sincerely
Craig Hoy
DTS Fails As A Job With Service Startup Account As "System Account"
May 9, 2002I have several DTS jobs that runs well as a job with my nt login account for the SQL agent service startup account, but if I use the System account
they fail with this error.
" Error opening datafile: Access is denied. Error source: Microsoft Data Transformation Services Flat File Rowset Provider"
The data has change access to the System account under the NT security.
Thank you in advanced.
Jorge
Xp_cmdshell Does Not Execute For Non-sysadmin Account Even With Proxy Account
Mar 2, 2004Hi all, i hope you can help me.
Basically a dts package has been setup that pulls in data from another companies server, this data requires to be on-demand i.e individual users can pull in updates of the data when they require it.
I am using xp_cmdshell and dtsrun to pull in the data. This obviouly works fine for me as i am a member of sysadmin.
Books online quotes " SQL Server Agent proxy accounts allow SQL Server users who do not belong to the sysadmin fixed server role to execute xp_cmdshell"
So i went to the SQL Server Agent Properties 'Job System' tab and unchecked 'Non-sysadmin job step proxy account' and entered a proxy account.
The proxy account has been setup as a Windows user with local administrator privilages and even a member of the sysadmin server role - just in case.
Now when i log onto the db with my test account - a non-sysadmin - and attempt to run the stored proc to import the data i recieved the message 'EXECUTE permission denied on object 'xp_cmdshell', database 'master', owner 'dbo' '
hmm... so basically i have either misunderstood BoL or there is something not quite right in my setup.
I have search the net for a few days now and yet i can find no solution.
Can anyone help?
SQL Security :: What Windows Account Used Server Login To Access Server
May 14, 2015If we have a "pool" SQL login, a one that uses SQL Server authentication, and this login is used by different domain account to access SQL Server, is there a way to audit which domain account used that "pool" login to do something on a object in SQL Server? I have to keep this way of accessing SQL Server, so how to create a login for every domain account accesses SQL Server
View 7 Replies View RelatedDomain Account Vs Local Account For SQLServerAgent
Jul 20, 2005Hi there,BOL notes that in order for replication agents to run properly, theSQLServerAgent must run as a domain account which has privledges to loginto the other machines involved in replication (under "SecurityConsiderations" and elsewhere). This makes sense; however, I waswondering if there were any repercussions to using duplicate localaccounts to establish replication where a domain was not available.Anotherwords, create a local windows account "johndoe" on both machines(with the same password), grant that account access to SQL Server onboth machines, and then have SQL Server Agent run as "johndoe" on bothmachines. I do not feel this is an ideal solution but I havecircumstances under which I may not have a domain available; mypreliminary tests seem to work.Also, are there any similar considerations regarding the MSSQLSERVERservice, or can I always leave that as local system?Dave
View 1 Replies View RelatedDomain Account Without A SQL Login Account
Apr 25, 2007I have a situation that I have discovered in our QA database that I need to resolve. When I looked at the Activity Monitor for our server, I discovered that a process is running under a domain user account for one of our .Net applications. The problem is that that domain user account has not been created as a SQL login account on the server. I am trying to figure out how someone can log in to the database server with a domain user account that has not been added to SQL Server as a login account.
Does anyone have any insight on this? I don't like the idea of someone being able to create domain account that can access the database without me granting them specific access.
- Larry
SA Account
Aug 23, 2001Hello everyone
I need some advice regarding security
My security officier wants me to disable the sa account on all my SQL Servers.
NT Security for the sysadmin role is already setup for all my servers
for the group "Domain DBAs"
Could someone give the pros and cons.
this Person wants the ability tho activate the sa account at will. (he comes from the AS400 Mind frame)
Second question are there any good books or courses that talk about securing SQL Server 7.0, 2000, etc.
Thanks
Sa Account With NT
Jul 14, 2000I have taken over a NT 4 and SQL Server 7 system that
has a NT account called SA. No one seems to know what it
is for. I thought that the SA account was only a SQL login.
has anyone seen this?
Thanks
SA Account
Oct 13, 2000Scenario: My client has 4 sql boxes with applications connecting to them via various methods (ado, odbc, etc.). Some of the applications have the SA login and pwd hard coded. Too many users have the SA pwd so they want to change the pwd without affecting the applications. Well, they haven't heard of Source Safe until I got here and the projects for the applications are nowhere to be found. They don't want to hear about rewriting the applications.
Suggestions: I'm wondering if I can create an account with the same priviledges of SA and modify the SA account. I'm not sure what's possible at this point because they have taken away most of my options.
If anyone has any suggestions, I would appreciate it.
Thanks for your help.
Sa Account
Nov 5, 2007This is my first time to install the SQL 2005 on my VPC for testing purpose, I don't recall that I did configure the sa account during the instalation.
Is their is any way after the installation to configure the sa account with a password? Please advice
Thanks
SQL SERVER ACCOUNT
Feb 20, 2008How can I find out what account sql server is running under?
View 2 Replies View RelatedCan't See ASPNET Account
Mar 24, 2008I installed SQL Server 2005 and Visual Studio 2005 and have discovered that the ASPNET machine account was not added as a user when going into "Computer Management". I obviously need this to run ASP.net apps.
I tried going to the Administrators group to add user ASPNET, but the system can't find this user.
How can I install the ASPNET account?
makimix
Locking Out The Sa Account.
Nov 17, 2004Hi,
I need to secure an sqlserver database such that it can only be accessed from an application and to prevent anyone with full admin rights on their local machine and an sqlserver licence from getting in to the database.
I am struggling with controlling access to the database from the sa account. If I attach to the database from a second instance of sqlserver which is different than that where the database was created then I am able to gain full access no problems, which is of course The Problem.
From what I can work out.
1. sa is dbo (and this cannot be changed)
2. dbo has the role of db_owner (and this cannot be changed)
3. the permissions for the db_owner role cannot be changed.
4. the password for sa is set at the level of sqlserver and not per database
.....so any sa can access any database.
I don't believe this so have to be missing something significant, any light on the subject would be gratefully received.
KeithT
ASPNET Account
Mar 1, 2006I seem to remember that when using VS2003 to create a website which connected to a MSDE database, I needed to explicitly grant access to the database for ASPNET machine account using the following SQL commands from within a .sql script:
EXEC sp_grantlogin '<machine>ASPNET'EXEC sp_grantdbaccess '<machine>ASPNET'
With VS2005, it sppears that upon creating an .MDF database in the App_Data folder this is no longer necessary.
I'd be interested to know why this is so. Does VS2005 automatically do this when the database is created?
If anybody could shed some light on this I'd be interested.
Thanks,Wayne.
Job Failure Under NT Account
May 17, 2001I have a DTS pkg containing VBScript scheduled as a job. The script creates an ADODB connection and opens it passing the servername, username, and password as parameters. We are using NT Authentication, and SQLAgent is using a domain account (SQLService acct).
The job runs fine if I specify a SQL username with SA authority in the ADO connection string. But if I try to use an NT acct it gets a login failure for the i.d. I also noticed that none of the NT login/users show up in the Job Owner drop down list of the job properties window.
My question is should I be able to run the job using just an NT account with SA authority or do I need both NT and SQL i.d.s to run jobs? What am I doing wrong?
BUILTINAdministrators Account
Jul 27, 2000As default, the BUILTINAdministrators account is
created during the installation of SQL Server 7.0.
The default access is to have the account in
the System Administrators server role which gives
them dbo access to each database.
Since I don't want my network administrators to
have sa privleges within SQL but still want them
to be able to access the databases, I've removed
them from the System Administrators server role.
The SQL Server Login Properties window still shows
the account having access into each of the databases
as dbo, however they are unable to view or access
any objects within the databases.
Shouldn't the account still have permissions, just not
as sa? Can someone please explain this to me? I've checked
BOL and several of the reference books I have, but don't
find any detailed information on this account.
Thank you
Toni
DBO Account ( V Urgent )
Feb 6, 2001The DBO account on a user database has managed to lose its SUID. This causes the account to appear in the sysusers table but not in the users collection in Ent Man.
Does anyone know a way to recover that does not involve restore from backup?????
SQL Services Account
Mar 28, 2002I want to remove the SQL Services account from the Local Adminstrators group of the server, so that it cannot be used to login, (using trusted sa).
I have removed from administrators in user manager, granted the account the rights to login as a service, edited the permissions on HKLMSoftwareMicrosoftMSSQLServer, HKLMSoftwareMicrosoftWindowsNTCurrentVersionPerlib , HKLMSystemCurrentControlSetServicesMSSQLServer for the account.
SQL now runs with the service account stopping and starting SQL services, but any Scheduled Tasks on the server do not run.
Any ideas what I can do to get the tasks to run, without adding the service account as an administrator on the server?
SQLAgentCmdExec Account
Jul 6, 2000I registered a server (SERVER2) belonging to the same domain as my computer through Enterprise Manager using the sa account of SERVER2. Both my server (SERVER1) and the remote server, SERVER2 have SQL Services running under a common domain admin account named,sqlservice. When I try to stop the Sql Server Agent service on Server2 from my Enterprise manager, I get the following error :
An Error 5 - (Access is denied) occured while performing this service operation on the SQLServer Agent Service.
The error log has recorded the following error :
[000] Password verification of the 'SQLAgentCmdExec' proxy account failed (reason: A required privilege is not held by the client)
Could someone please help me with this?
Thanks in advance,
Praveena