Perhaps someone can answer this question. I was given a document from a Microsoft consultant and setting up a secure SQL Server 2000 server for my company. This document is being used to setup standards for our enterprise implementation of SQL Servers.
In the document, it has a procedure of disabling the MSDTC service stating that, "the DTC can be used by COM+ applications to manage transactions across multiple database servers." But it really doesn't suffieniently state why this is a good security practice. Can anyone out there tell me why this is a good idea.
Background: We use the Standard Edition, and currently have no distributed servers out there, nor do we have replication. A side note, just recently we have been asked to install a replicated server for fail-over capability. Will disabling the DTC service hinder us?
I have what may be an elementary question; any help that anyone can provide would be greatly appreciated.
Assumptions: 1.) Running SQL Server 2000 on Windows 2000 2.) Using only Windows Authentication 3.) Have 2 databases 4.) I have a group of users that I need different Access to each database. a.) This group needs only "select" privileges to the tables and views in "database 1" b.) This same group needs DBA privileges (Add, Remove, and modify Tables, Views, etc.) to "database 2"
What would be the best, most efficient way to accomplish this? These users are currently a members of a Windows group which has only "select" privileges to the tables and views in "database 1".
Hi I'm going to put my database in setup file that I've been ready before. My Software could be use from database after installing in every system , but other users won't be able to access to data or structure of database , even with adding of database to SQLServe Enterprise Manager . How Should I can do about this ? Tanks very much
We have experienced an issue with back backup / restore of a database originating from SQL Server 2000 to SQL Server 2003.
We have the following setup:
SQL Server 2000
- DatabaseA
- asdfUser (SQL User)
- asdfUser is (dbowner) of DatabaseA
- DatabaseB
- asdfUser (SQL User)
- asdfUser is (dbowner) of DatabaseB
SQL Server 2005 Standard
-asdfUser is NOT Setup as a user yet.
-We restore DatabaseA and DatabaseB to the SQL Server 2005 Standard. The databases are restored with the security permissions of asdfUser being the DB Owner of DatabaseA and DatabaseB.
-We create a new SQL user named asdfUser on the SQL Server 2005 box. We then try to add the UserMapping of DBOWNER for the DatabaseA and DatabaseB. We receive an error message stating that the asdfUser already have permissions to the databases. We proceed with the user creation without those permissions.
-We proceed to the login properties of the asdfuser and view their UserMappings. The asdfUser does not have access to DatabaseA or DatabaseB. We then add the UserMapping of DBOWNER to both DatabaseA and DatabaseB. We Try to select OK and we receive an error message that states that the user already has those permissions.
-When we query the UserID's of the asdfUser that is in the database and the UserID of the asdfUser that is created, they are two different values.
i was trying to install sql server 2000 enterprise edition on win 2003 with SP1. i got stuck with this error sayinbg;"the driver software you are installing has not been properly signed with Autheticode(TM) technology. therefore windows cannot tell if the software has been modified since it was published. the publisher's identity cannot be verified because of a problem, The installed INF file does not contain digital signature infromation"
Do you still want to install this driver software?
No matter what i click, either yes or no, it takes me nowhere. i googled it everywhere still could not find a solution. please let me know if you guys got any idea.
First off is it possible to limit access to one specific table within a SQL 2000 database? If so could someone point me in the correct direction on doing this?
Hi , I am trying to connect to MS Sql server 2000 from Java (1.4.2 /1.5 ). I installed my Sql Server(8.00.382) from the one supplied withVS.NET 2001. When I installed it on my laptop it did not ask me for auser name and password. After install when I re-started my machine Isee the server started up with a green light. Now when I connect to theserver from VS.NET it works fine. This is because VS uses windowsintegrated security. I now need to connect using Java , so I downloadedthe microsoft drivers for SQL2000-JDBC sp3 from the microsoft site. Iadded the jar files to my Java project classpath. I manage to registerthe driver in java :Class dbClass = ClassLoader.getSystemClassLoader().loadClass("com.microsoft.jdbc.sqlserver.SQLServerDriver");DriverManager.registerDriver((Driver) dbClass.newInstance() );Connection conn =DriverManager.getConnection("jdbc:microsoft:sqlserver://localhost:1433;_integrated security=SSPI");but cannot seem to get a connection as it gives an SQLException sayingthat it is unable to connect:java.sql.SQLException: [Microsoft][SQLServer 2000 Driver for JDBC]Errorestablishing socket.I cant seem to figure it out.Can some one help ??I am a newbie to sqlserver so couldnt quite figure out how to changeadmin password or create a new user with the tools provided with thisversion of sql (SQL Server Desktop Engine).Any help will be appreciated.Ebby
I have setup a new SQL 2000 SP4 and internal auditor query about revoke permission from Public role and remove guest from all databases.
1. Can I revoke all default permissions (select on system tables in all DBs) from "Public" role? I am concern any error after such action.
2. I found that guest account in DB -- master, tempdb and msdb. According to Microsoft documents. The account should not remove and can't from master and tempdb. How about msdb?
Can anybody tell me the advantage and disadvantage to use NT security for SQL Server 7.0? For a corporation with 400 users, what is your recommendation for the SQL Server security management. Thanks.
I have posted this issue for a week, haven't got any reply yet, I posted it again and desperately need your help.
The article http://msdn2.microsoft.com/en-us/library/ms365343.aspx says: Model Item Security can be set for differnt security filters, but when I use SQL Server Management Studio to set Model Item Security, it seems "Permissions" property surpass "Model Item Security" property. -- My report server is using Custom Authentication.
For example, in "Permissions" property of the model, if I checked "Use these roles for each group or user account" without setting any user or group, no matter what users I added to "Model Item Security" with "Secure individual model items independently for this model" checked, NO one user can see the model on report manager and report builder;
in above situation, if I added "user1" and gave role such as "Browser" role to "user1" in "Permissions" property, if I checked "Secure individual model items independently for this model" in "Model Item Security" property, even I did NOT grant "user1" to root model and any entities under the model, the "user1" is able to access the model and all entities in report builder.
My question is on the same report model, how to set "AdminFilter" (empty security filter) for administrator permissions and set "GeneralFilter" (filtered on UserID) for general user based on their UserID?
The article also says:
"Security filters are always applied, even for users who have Content Manager or Administrator permissions to the model. To allow administrators or other users to see all rows of an entity on which row-level security is defined, you can create an empty security filter (which always returns True) and then use the filter to grant those users access to all the rows."
So I defined 2 filters "GeneralFilter" and "AdminFilter" for "Staff" entity for my report model "SSRSModel", I expect after I deployed the report model, the administrator users use report builder to build reports with all rows available, and the non-admin users can only see rows based on their UserID.
I can only get one result at a time but not both:
either the rows are filtered or not filtered at all, no matter how I set the "SecurityFilter" for the entity: I tried setting both "AdminFilter" and "GeneralFilter" for SecurityFilter at the same time, combination of "DefaultSecurityFilter" and "SecurityFilter", or one at a time.
Hello, i have a question that the sql server 2000 is install in window 2000 server. If i want to update to window 2003. Is that any problem in sql server 2000. I am worry about whether we will have problem after update. What i need to do? Many thanks.
Is there any possibility to schedule SQL job execution as Windows Security Group? I need to run powershell script through SQL job with one of this group member's permissions.Â
I have Sql Server Express installed on Vista (service pack 2)
I have Visual Studio 2005 with an application that I'm trying to access it with within a WCF service.
The login ID of the service is added to the database.
The database has remote access turned on.
The ID is granted access to all databases within the server.
The thread is being set with WindowsProvider and the services set their thread to WindowsProvider.
The dataserver is set with using Windows Authentication for security.
When I open my connection to the database, though, it reports the typically useless message that the connection is not allowed and that the server may not allow remote connections.
How to I get past this? I've done everything right.
I want to use an Active Directory security group that is a Distribution List for a new role assignment for an existing report. Can someone tell me if this is possible? I get an error each time I try:
The user or group name <DLName> is not recognized. (rsUnknownUserName)"
I have created an EndPoint in SQL Server 2005 as per the code below.
CREATE ENDPOINT OSTC_LMS_Endpoint
AUTHORIZATION LMSEndPointUsers
STATE = STARTED
AS HTTP(
PATH = '/ostc_sql_endpoint',
AUTHENTICATION = (BASIC),
PORTS = (SSL),
SITE = 'OSTC-DEV-001'
)
FOR SOAP (
WEBMETHOD 'ostc_SQLSoapTester'
(name='OSTC_LMS_06.dbo.ostc_SQLSoapTester',
FORMAT = ROWSETS_ONLY,
SCHEMA=STANDARD),
WSDL = DEFAULT,
LOGIN_TYPE = MIXED,
SCHEMA = STANDARD,
DATABASE = 'OSTC_LMS_06',
NAMESPACE = 'http://tempUri.org/'
)
GO
USE master
GRANT CONNECT ON ENDPOINT::OSTC_LMS_Endpoint
TO [LMSEndPointUsers]
GO
USE master
GRANT CONNECT ON ENDPOINT::OSTC_LMS_Endpoint
TO [ostc-dev-001endPointUsers]
GO
----------------------------------------------------------------------------------------------------------------- The SPROC being exposed as the webmethod: -
The computer in question is our dev server and is running as a workgroup machine with the following: - Win Server 2003 SQL Server 2005 .net Framework 2.0 No firewalls or Proxies are in the way.
The computer has to be as a workgroup machine to reflect our live server.
The user LMSEndPointUsers is a SQL Server Login The user ostc-dev-001endPointUsers is a machine login
We have employed the Security class as per the information given in the SQL Server documentation with the intention of using the WS-Security headers that apparently are to be used when trying to authenticate using a SQL Server login.
My SQL 7.0 server is currently querying the SAM database on the PDC for Windows NT authentication. How can I force it to use the SAM database on the server(BDC) that I specify?
1. I have sql 2008 R2 running on my LocalHost. 2. Created Data Base [Customer]. 3. Created Linked Server [CUSTOMERLINK] USING Microsoft Jet 4.0 to link to Drive F:Data which has DBF files in it. 4. Create dbo.Customer_Upload Table. 5. INSERT INTO [Customer].[dbo].[Customer_UpLoad] ([Name],[Email]) SELECT NAME,EMAIL FROM [CUSTOMERLINK]...[CUS]
All this works fine. I can even put it in to an After Insert Trigger on another table and it works.
My problem is that I need this to work in a scheduled job.
F:Data is just a folder with files in it.
This info is from a Restaurant POS system and I need to update it every night.
I have tried every which way to to setup the security issue as there isn't any login security on the folder and SqlServerAgent wants security.
If we have a "pool" SQL login, a one that uses SQL Server authentication, and this login is used by different domain account to access SQL Server, is there a way to audit which domain account used that "pool" login to do something on a object in SQL Server? I have to keep this way of accessing SQL Server, so how to create a login for every domain account accesses SQL Server
Hi All, I would like to know, how the datetime will be stored in the sqlserver datetime column. Because some time i am giving the date in dd/mm/yyyy and sometime mm/dd/yyyy. while give the date in mm/dd/yyyy works fine but not in the another case. and also while i execute a query on query analyser it shows the datetime in yyyy/mm/dd format. So anyone can please tell me how the dates will be stored in the datetime column of sqlserver database? Thanks in Advance. Regards, Dhanasekaran. G
I am currently running SQL Server 2000 Standard on my production system, and I am looking to upgrade the system to Windows 2000 Adv. Server. I would also like to upgrade SQL Server 2000 Standard to SQL Server 2000 Enterprise to utilize more than 2GB of memory. Can anyone tell me what is the best way to upgrade the system, and please provide some feedback on your experiences with the upgrade. Thanks in advance.
We are experiencing a problem with Sql Server 2000 linking to anAccess 97 file. We have two machines that link to this .mdb file, andwe recently upgraded one to newer hardware, SP3a, MDAC 2.8, etc. Thelink on this upgraded machine no longer works, giving this message:Server: Msg 7399, Level 16, State 1, Line 1OLE DB provider 'Microsoft.Jet.OLEDB.4.0' reported an error.[OLE/DB provider returned message: Cannot open a database created witha previous version of your application.]OLE DB error trace [OLE/DB Provider 'Microsoft.Jet.OLEDB.4.0'IDBInitialize::Initialize returned 0x80004005: ].The link on the older machine still works. We decided to tryconverting a copy of the file to Access 2000 to see if the newerpatches/drivers/whatever no longer supported 97. We set up a link onboth machines to this file, and they both work. However, on theupgraded machine, the following error is receievedServer: Msg 7399, Level 16, State 1, Line 1OLE DB provider 'Microsoft.Jet.OLEDB.4.0' reported an error.[OLE/DB provider returned message: System resource exceeded.]OLE DB error trace [OLE/DB Provider 'Microsoft.Jet.OLEDB.4.0'ICommandText::Execute returned 0x80004005: ].when making 1-3 connections to the the linked server, while the oldermachine supports at least 7 simultaneous queries connecting to thelinked server and still hasn't produced that error.Does anyone have any idea if there is a known issue with linking toAccess 97/2000 files under MDAC 2.8, Jet 4.0, etc? Any light anyonecan shine on this subject would be greatly appreciated.
I am looking for a way to log all security related events for SQL in Windows Security Log. I am trying to use SCOM for monitoring SQL and I am looking at ways to generate alerts in my SCOM Console for specific events in SQL e.g. A table is deleted, user is modified, deleted, etc. Is this possible and if yes how do I achieve the same?