Convert SQL Account To Windows Accounts + EXEC On ALL SPs
Apr 8, 2007
I am no DBA, but this is my task.
I have an SQL Server 2000 Database that has an "SQL Account" that has
execute permission on all Stored procedures. it is what was used by
the company. This one account is used by "all workstations".
I want to fix this and use Windows Accounts, and get rid of that SQL
Account. How do I go about adding that Windows Account permission to
all the Stored Procedures?
What I want to do is to just add several windows account then go about
removing the permission where necessary on an account by account
basis.
Any suggestions would be greatly appreciated!
View 2 Replies
ADVERTISEMENT
Apr 30, 2008
In SQL 2005, is this an acceptable (prefered) way to give an application account EXEC permissions for sprocs and funcs in a specific database?
CREATE ROLE db_executor
GRANT EXECUTE TO db_executor
And then of course assign my user to this role on the database level.
I am trying to get away from adding exec to every sproc "manually" and then of course also having to add exec for any new sprocs that get added into the database.
View 3 Replies
View Related
Jul 23, 2014
Installed sql server 2012 enterprise. Runs with the built in account fine.
I tried entering a domain account to run as the service account from sql configuration it fails with the error "the specified network password is not correct".
I tried from services.msc and entered successfully but when I try to restart it fails that the log in credentials are wrong.
the domain account and password I entered are just fine. What's it I should do or missing?
View 3 Replies
View Related
Mar 6, 2006
Hi,
I'm trying to make the select query attached neater by removing the list of accounts and simply providing a range. For the life of me, I can't seem to figure out how to do it. So hopefully one of you can help me out with this.
View 7 Replies
View Related
Dec 19, 2006
Hello,
I'm having a problem using Windows Accounts to login to a SQL 2005 Server.
Here is my setup. The SQL server and web server are separate machines. I'm also not developing directly on the web server.
SQL Server - Windows 2003 Server- SQL 2005- Set to use SQL and Windows AuthenticationWeb Server- Windows 2003 Server- IIS 6.0 - Anonymous Authentication is disabled - Integrated Windows Authentication is enabledApplication web.config:
<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"><appSettings> <add key="ETR_Environment" value="Dev"/></appSettings>
<connectionStrings> <add connectionString="Data Source=sql-dev-server, 1179;Initial Catalog=ENV_ETR;Integrated Security=SSPI;" name="ETR_Dev"/> <add connectionString="" name="ETR_Prod"/></connectionStrings>
<system.web> <compilation debug="true" strict="false" explicit="true"/> <pages> <namespaces> <clear/> <add namespace="System"/> <add namespace="System.Collections"/> <add namespace="System.Collections.Specialized"/> <add namespace="System.Configuration"/> <add namespace="System.Text"/> <add namespace="System.Text.RegularExpressions"/> <add namespace="System.Web"/> <add namespace="System.Web.Caching"/> <add namespace="System.Web.SessionState"/> <add namespace="System.Web.Security"/> <add namespace="System.Web.Profile"/> <add namespace="System.Web.UI"/> <add namespace="System.Web.UI.WebControls"/> <add namespace="System.Web.UI.WebControls.WebParts"/> <add namespace="System.Web.UI.HtmlControls"/> </namespaces> </pages>
<authentication mode="Windows"></authentication> <customErrors mode="Off"></customErrors> <authorization> <allow users="XXXWilliam.Klein"/> <deny users="*"/> </authorization></system.web></configuration>
The reason why I want to use the windows login to connect to the database is the application needs to keep track of who did what when entering and updating data but still keep them using there windows login accounts. So using a generic account will not work.
What keeps happening is I keep getting this error: Login failed for user 'NT AUTHORITYANONYMOUS LOGON'. When trying to connect the database. I've tried this on two web servers on another I get something slightly different: Login failed for user 'XXXWeb-Server$'.
Anybody able to give me any suggestions on how to fix this?
View 12 Replies
View Related
Aug 12, 2015
We are seeing login failures for windows accounts. Below is the error message.
Description: In our env most logins are windows accounts. Initially we thought it is an UAC issue and we tried to launch the SSMS using "Run as Administrator". However, we are seeing login failures.
Enviroment:
Microsoft SQL Server 2014 - 12.0.2402.0 (X64)
RTM Enterprise Edition (HyperVisor)
Error Message in Error Log :
2015-08-10 22:36:45.290 Logon Error: 18456, Severity: 14, State: 11.
2015-08-10 22:36:45.290 Logon Login failed for user 'domainloginname'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 10.xxx.xxx.xxx]
2015-08-10 22:41:23.470 Logon Error: 18456, Severity: 14, State: 11.
2015-08-10 22:41:23.470 Logon Login failed for user 'domainloginname'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 10.xxx.xxx.xxx]
Troubleshooting done:
- Recreated the windows login in sql server. Doesn't work.
- ran sp_valdidatelogins. it doesn't return any rows.
- I belong to sysadmin role and when I say, getting below error message.
xp_logininfo 'domainloginname'
/*
Msg 15404, Level 16, State 19, Procedure xp_logininfo, Line 64
Could not obtain information about Windows NT group/user 'domainloginname', error code 0x5.
*/
We tried dropping this account and re-creating the windows account with same permissions but still result is same.It throws same error message. Login failure message !!!
View 18 Replies
View Related
Feb 12, 2008
In a previous thread, I got some help from you all in figuring out how to deploy a per-machine desktop application and database so that it would be available to all Windows accounts on the machine. Basically the advice was to create an SQL user for the database with the BUILTINUsers login which had the necessary privileges for connection.I have tried this approach, but I am still having problems with connections for unpriveleged users. I have given the database user the role of db_Owner as well as other roles, but it seems to make little difference. I have been trying the deployment on several machines running XP, and I get several different responses. But primarily I get the "CREATE DATABASE permission denied in database 'master'" error. All of these computers seem to have the same database user level permissions, but obviously there must be differences somewhere. That worries me from a deployment standpoint.
I don't want to make any changes at the server level login properties for Builtinusers, but I have experimented with changing these, and I've found that giving sysadmin privileges to BuiltinUsers works great. But I doubt that anybody would be very happy with that solution.
I'm confused about the "Create Database" message, because I'm not explicitly creating any database at application startup time. It also seems like this might be an attachment problem, but I'm not sure about anything. Is there really an attachment and detachment of the Express database every time the application is run?
So my bottom line questions are:
Which database level privileges do I need to give to my SQL user with BuiltinUsers login so that any Windows account can connect and write to the database?
Can I accomplish this goal without changing any server level privileges for the BuiltinUsers login.
Thank you.
View 7 Replies
View Related
May 15, 2008
This may be an idiotic question:
I am attempting to use Visual Web Developer Express with a connection to a SQL Express db from a non-admin account on my XP Pro SP2 machine.
I can do everything in the app under an admin login, but can't seem to configure the db to allow the non-admin account access to the db. I've tried tweaking WMI, using Network Service, Local Service, and Local System with NT AUTHORITY, individual logins, and group permissions, but I'm stuck.
Any thoughts?
View 5 Replies
View Related
Sep 15, 2002
hey,
i am currently trying to connect to sql server with one of the windows user accounts. I am trying to connect to it via a browser using a dns-less connection. I have put in all the correct user name and password details and it comes back with Login failed for user xxxxxxx.
If i create a user in sql server and put those login details in, it works fine.
Can i use windows users with a dns-less connection???
View 1 Replies
View Related
Aug 3, 2006
I have a scheduled job to perform exports of SQL databases to a file share. The file share is setup so everyone can write to it but only the AD account 'SQL.Bkup' can delete. I have setup SQL Server Agent to use this ID when performing backups but the backups fail each time when trying to delete old backup versions.
I have logged into this id (SQL.Bkup) and can delete files on that share without a problem.
Is there some thing I need to setup differently to get the backup process tol run with the correct authority?
Thanks,
Ken Nicholson
View 5 Replies
View Related
Aug 12, 2015
I cannot get a consistent answer as to how many domain accounts would be suggested in a SQL Server 2014 installation. Previously the recommendation was a separate account for each service to provide isolation and minimum permissions for each account. It seems from what I've read that a single domain account would have something added to make it unique from SQL Server's perspective. Several still advocate multiple accounts. I don't know if they are doing so because that's the way it's always been done or if there is still some compelling reason to do so. I don't want to create unnecessary accounts simply because something is "ideal."
View 8 Replies
View Related
Jul 15, 2015
We have a SQL database on a non standard instance. If I open SQL server manager and connect to that database using integrated Windows Authentication I can basically do whatever I want with that database.However, if I try to connect to that database remotely (or even from the sql server) using a test connection UDL it only works if I use Windows integrated security. If I specify my account details specifically (or any other account which has access) it doesn't want to connect.
View 13 Replies
View Related
Jul 23, 2015
Do we still need the below service accounts in SQL 2008+ version even if we have proper SQL service accounts added in the logins?
[NT AUTHORITYSYSTEM]
[NT ServiceMSSQLSERVER]
[NT SERVICEReportServer]
[NT SERVICESQLSERVERAGENT]
[NT SERVICESQLWriter]
[NT SERVICEWinmgmt]
View 0 Replies
View Related
Mar 23, 2007
Deal All:
I have got a strange problem on runing SSIS package, please help me.
The package contains a Script Task which function is downloading files from a SFTP server with using psftp command line application. It will run successfully with using dtutil.exe and as a job with using a ssis execute proxy(domian account as credential), but fail runing the package as a job with using a ssis execute proxy(local windows account as credential, although has Administrator permission).
It seems a permission problem, but I try a lot and can't solve it.
Would you kind give me some suggestion ?
Thanks a lot.
Tomorrow
View 4 Replies
View Related
Oct 26, 2006
I have some script which creates/grant priveleges to windows/nt users to DB but i frequently get the message below:
Windows NT user or group '<user or group>' not found. Check the name again.
I understand that this is because the said user/group is indeed not present in the environment I'm running the script (ie. testing and production environment).
But is it possible to have some sort of checking whether the user/group exists in the environment so that I could determine whether or not to call some lines of code?
Not sure if this is possible so i had to ask. c",)
View 7 Replies
View Related
Oct 11, 2007
I use a windows account "mydomainuser1" to login sql server
The "select current_user" always return "dbo" instead of "mydomainuser1"...
It also return "dbo" after i explicitly run "execute as user=''mydomainuser1" command
Why?
thanks
View 3 Replies
View Related
Nov 27, 2006
Hi,
I would like to know is it possible to installing sql 2005 express edition on windows xp with limited account. I tried to install it. After installing, the service can not start. Is there any thing that I misconfigured?
Thanks for reading and answering my post.
View 3 Replies
View Related
Nov 7, 2007
I noticed when I restore a master database to a server other then the one which created the backup of master, SQL Server contains the following three local security groups that were defined on the source server. The problem is these groups are "local" and do not apply to the server where master was restored.
ServerNameSQLServer2005MSFTEUser$ServerName$InstanceName
ServerNameSQLServer2005MSSQLUser$ServerName$InstanceName
ServerNameSQLServer2005SQLAgentUser$ServerName$InstanceName
For example, if you have a default SQL Server instance named MARKETING_TEST the security folder will contain the following three entries.
MARKETING_TESTSQLServer2005MSFTEUser$MARKETING_TEST$MSSQLSERVER
MARKETING_TESTSQLServer2005MSSQLUser$MARKETING_TEST$MSSQLSERVER
MARKETING_TESTSQLServer2005SQLAgentUser$MARKETING_TEST$MSSQLSERVER
If you then backup the master database on an instance named MARKETING_PROD and restore it to MARKETING_TEST, the security folder on MARKETING _TEST will now contain the following three entries.
MARKETING_PRODSQLServer2005MSFTEUser$MARKETING_PROD$MSSQLSERVER
MARKETING_PRODSQLServer2005MSSQLUser$MARKETING_PROD$MSSQLSERVER
MARKETING_PRODSQLServer2005SQLAgentUser$MARKETING_PROD$MSSQLSERVER
These entries would be invalid because no such server exists and therefor no such local groups exists. There appears to be no Microsoft documentation explaining how to handle these groups when restoring master from one server to another. My assumption is that whenever restoring master to another server you must drop these three groups and add the correct corresponding groups along with the appropriate permissions. I don't understand why SQL Server would not rebuild this information for you during a restore.
Any explanations?
Dave
View 8 Replies
View Related
Sep 16, 2015
We may need to change the account presently used to run the Windows Service "SQL Server Integration Services".What are the implications of making such a change?
View 5 Replies
View Related
Jan 5, 2006
During install of SQL Server 2005, we can of course use a domain account or the built-in system account for running the services. I lean toward domain for obvious reaons but would like to know a +/- to each option and why I'd choose one over the other and what consequences or limitations one may encounter if I choose one over the other.
View 6 Replies
View Related
May 14, 2015
If we have a "pool" SQL login, a one that uses SQL Server authentication, and this login is used by different domain account to access SQL Server, is there a way to audit which domain account used that "pool" login to do something on a object in SQL Server? I have to keep this way of accessing SQL Server, so how to create a login for every domain account accesses SQL Server
View 7 Replies
View Related
Oct 25, 2006
Ran a trace using profiler and found that the CLR is not using the ASPNET windows account to log into SQL 2005, instead using the admin. Some ado.net code does not work properly as a result. Have had to change the connection string to use SQL logins.Spec: Win XP Pro; IIS 5; 2.0.Is this normal? Where security and permissions are concerned, what changes, if any, are there from SQL 2000?
View 5 Replies
View Related
Dec 4, 2006
I have been running a script in SQL Server 2000 as sa also as a Active Directory user who has administrator rights (I tested both approaches SQL Server then Windows Authentication) in Query Analyser which grants execute rights to the stored procedures within the database instance and Query Analyser does not give any errors when I run the script. I have made sure that each transaction has a go after it. I then return to Enterprise Manager, check the rights (I apply them to roles so that when we create another SQL Server user we just grant him/her rights to the role) and discover that the role has not been granted the rights. I seems to be occurring only with 2 of the procedures. Is there a known bug that might be causing this?
yours sincerely
Craig Hoy
View 9 Replies
View Related
May 9, 2002
I have several DTS jobs that runs well as a job with my nt login account for the SQL agent service startup account, but if I use the System account
they fail with this error.
" Error opening datafile: Access is denied. Error source: Microsoft Data Transformation Services Flat File Rowset Provider"
The data has change access to the System account under the NT security.
Thank you in advanced.
Jorge
View 2 Replies
View Related
Mar 2, 2004
Hi all, i hope you can help me.
Basically a dts package has been setup that pulls in data from another companies server, this data requires to be on-demand i.e individual users can pull in updates of the data when they require it.
I am using xp_cmdshell and dtsrun to pull in the data. This obviouly works fine for me as i am a member of sysadmin.
Books online quotes " SQL Server Agent proxy accounts allow SQL Server users who do not belong to the sysadmin fixed server role to execute xp_cmdshell"
So i went to the SQL Server Agent Properties 'Job System' tab and unchecked 'Non-sysadmin job step proxy account' and entered a proxy account.
The proxy account has been setup as a Windows user with local administrator privilages and even a member of the sysadmin server role - just in case.
Now when i log onto the db with my test account - a non-sysadmin - and attempt to run the stored proc to import the data i recieved the message 'EXECUTE permission denied on object 'xp_cmdshell', database 'master', owner 'dbo' '
hmm... so basically i have either misunderstood BoL or there is something not quite right in my setup.
I have search the net for a few days now and yet i can find no solution.
Can anyone help?
View 2 Replies
View Related
Jul 20, 2005
Hi there,BOL notes that in order for replication agents to run properly, theSQLServerAgent must run as a domain account which has privledges to loginto the other machines involved in replication (under "SecurityConsiderations" and elsewhere). This makes sense; however, I waswondering if there were any repercussions to using duplicate localaccounts to establish replication where a domain was not available.Anotherwords, create a local windows account "johndoe" on both machines(with the same password), grant that account access to SQL Server onboth machines, and then have SQL Server Agent run as "johndoe" on bothmachines. I do not feel this is an ideal solution but I havecircumstances under which I may not have a domain available; mypreliminary tests seem to work.Also, are there any similar considerations regarding the MSSQLSERVERservice, or can I always leave that as local system?Dave
View 1 Replies
View Related
Apr 25, 2007
I have a situation that I have discovered in our QA database that I need to resolve. When I looked at the Activity Monitor for our server, I discovered that a process is running under a domain user account for one of our .Net applications. The problem is that that domain user account has not been created as a SQL login account on the server. I am trying to figure out how someone can log in to the database server with a domain user account that has not been added to SQL Server as a login account.
Does anyone have any insight on this? I don't like the idea of someone being able to create domain account that can access the database without me granting them specific access.
- Larry
View 6 Replies
View Related
Oct 31, 2007
I have two SQL Server 2000 (one is localhost, one is remote with VPN IP 192.168.5.4).
I can select * from [192.168.5.4].db.dbo.test but I can't exec [192.168.5.4].db..spAdd in localhost.
These select and sp is OK for 1 or 2 week without any problem,but it didn't work one day.
Can some one explain why?
View 5 Replies
View Related
Jul 23, 2005
What does the "[dbo]." mean in the following sql script stmts?use [IBuyAdventure]GOif exists (select * from dbo.sysobjects whereid = object_id(N'[dbo].[Accounts]')and OBJECTPROPERTY(id,N'IsUserTable') = 1)drop table [dbo].[Accounts]GOand if you please, what does the "N" in N'IsUserTable' mean?thanks,-Steve
View 2 Replies
View Related
Aug 2, 2000
Can anyone tell me the purpose to using service accounts in SQL Server rather than just having the services start as a system account.
Thanks
John Shurer
john.shurer@gte.net
View 2 Replies
View Related
Mar 1, 2001
Hi,
How can i code a SQL statement that will return the top 20 accounts from a huge client table?
Thanks
View 1 Replies
View Related
Jan 26, 2012
I am setting up Replication and have a question about what's considered best practice for the accounts that will be running the replication agents. Microsoft says, "Run each replication agent under a different Windows account, and use Windows Authentication for all replication agent connections." What they don't say is whether these accounts are local accounts or domain accounts.
Which should I use/create, domain accounts or local accounts?
View 1 Replies
View Related
Jun 18, 2008
The following error keeps being reported in the Domain Controller Logs:
"There are multiple accounts with name MSSQLSvc/....."
View 1 Replies
View Related
