I have a problem that im using Active Directory in Win2k Server, when domain users logon to workstations they can't open sql server databases, SQL server is local installed on Workstation and operating system is XP.
When i give administrator rights to users the sql server works fine.
Tell me is there is a way to use sql server without giving to the user administrative rights?
We have an existing SSRS server, and have just created a new child domain. We'll be migrating users from the parent to the child, and want to add the users of that new domain with access to SSRS. In the parent domain they are able to access, but after migration with the child domain account, they cannot.
I have added the group CHILDDomain Users with a system user role on SSRS, and PARENTDomain Users was already there.
Is there any additional step I should/could take to get this active?
I apologize for the newbie question but I'm looking for the correct answer. We have 4 production SQL servers at this time. When we had originally set them up the "sa" account belonged to the domain administrators group. Since we have a SQL admin team and a domain admin team we would like to remove this privilege. Is this something we can and should do? Our SQL servers use mixed mode authentication and some databases are configured for Windows authentication. I would appreciate any input from the community.
I've restored the dev db from the prod backup which overwrote the users and their rights in dev db. Is there any way that I can find out what those rights were? I have the list of users in dev db but not their rights . Thanks.
I have DBA that is convinced that they need domain admin rights to install SQL 2005 into an existing cluster. The domain groups and service accounts for SQL have been created already. Is having domain admin rights required during the install of SQL 2005 in a cluster?
Hi, In SQL Server Express Edition, what are the rights that are assigned to a Normal Windows User and PowerUser by default ? When I install SQL Express on a clean machine and login as Power User I can add/edit/delete data but when I login as Normal Windows User I can see the data but not change it. Please help me in this regard.
We are currently in the process of migrating users from a NT 4.0 domain to a win2k Domain. On some of our SQL Servers the Windows Authenticated users own objects within the database. These Windows Authenticated users also own SQL Server Job and DTS Packages. Once these Windows Authenticated users are moved over to the Windows 2000 Domain they have to qualify there database objects, they can not see their SQL Server Jobs they created and they cannot modify the DTS Packages they previously created. Is their a tool or script out there that can fix this problem of moving the Windows Authenticated users smoothly over to the new domain.
I have several access databases in mind to migrate to SQL server. I installed MS SQL 2005 Express on my machine. I will have procedures to run with authorizations beyond that of a common user, such as database administrative work where server agent is not available, I may rely on users' log-on prompt to do some maintenance work. However, I cannot get the EXEC AS 'DomainUser' to work. The procedures can be created OK. But whenever they are called, the following message shows up:
Msg 15404, Level 16, State 19, Procedure XXX, Line 0 Could not obtain information about Windows NT group/user 'DomainUser', error code 0xea.
I tried to tweak with the account under which the server service is running. There are three options under built-in account: Local system, Local service, and Network Service. My understanding is that Network Service will use the log-on of the current user of the computer. I have admin right of the computer. None of the three options work. Additionally, when I specify an account (my own account), it's the same thing.
The procedure xp_logininfo always fails when I query a specific domainuser.
The ADHelper is configured to run manually.
I could not think of other ways to get a possible solution. Any help is much appreciated.
Is SQL Server sensitive to Domain group name? Like "Domain Admin"?
I have user that belong to "myDomainDomain Admin" group. Group is in SQL as sysadmin but user cannot login using domain credentials. When I move that user to a different domain group which that group is in SQL again as sysadmin my user is able to login.Â
We have purchased an ERP system from a vendor which uses system DSN for all the reports. The system automatically creates DSN with Sa with SQL Server. The problem is the DSN is not working with AD users.
Active Directory server: Windows Server 2008 32 Bit.
SQL Server: Windows Server 2012 64 Bit. This server is already member of my Domain. e.g. CompDomain.com
What should I need to do in client PCs or Server to avail ODBC to AD users.
I created a SSRS Reports in SQL Server 2012 and deployed in server, I want this report to be accessed by one particular User created in that hosted server and any time if user hits the Report URL it asked for login Prompt.Suppose if I create a Windows User "ReportUser" in report server , I want when user hits the URL he should be able to access the report by providing the 'ReportUser" credentials.
Based on our database infrastructure, we need to secure our SQL databases. The security issue concerns on allowing a limited number of Domain Admin users to access the SQL databases. We tried certain ways, based on the documents in the Microsoft web site, but we couldn€™t reach to the point of preventing the Domain Admin users accessing the SQL databases.
We have a problem authenticating domain users contained in local machine user groups across multiple web servers in a scale out deployment.
When we originally setup our single SSRS database server we were told the a best practice is to add domain users to local user groups on the SSRS machine.
Now we want to add more web servers and create a scale-out deployment. So, we added the web servers and configured the scale-out deployment. But, only administrators can see the reports since all of our SSRS roles are assigned permissions such as "Machine1User_Group".
We were told that we have to create identical local groups on Machine2 and Machine3 and then add them to the SSRS roles. This is prohibitive since it would mean managing 3 identical user groups containing thousands of domain users.
Is there a better way to do this without using Domain User Groups?
The DBA at our location is demanding local admin (windows) right's to the box so he can function. Right now when he logs in i have given him right's to the inetpub directory, sql directory, i have set him as a sysadmin on sql2005 and gone into the http:\localhost eports and set him up as a system manager and under site priveledges set him as a sys admin. When he tries to login and configure the report server he gets the following error:
Title-Reporting services configuration manager
Error-There was an error refreshing the UI. bla bla bla
A WMI error has occurred and no additional error information is availiable
Title-Reporting services configuration manager
Error-There was an error while switching panels. The most likely cause is an error retrieving WMI properties. bla bla bla
A WMI error has occurred and no additional error information is availiable
then when he's in sql server 2005 surface area configuation
Title-Surface Area Configuration
Error-Access denied (system.management)
Is there any documentation or anythign anyone can tell me that i can do to give this DBA full access to configure and admin the SQL portion of his system without giving him admin rights to the OS???
Please help!!
Thanks for any time anyone has taken to review this thread!!
-A "master domain" AD, a "sub domain" AD, a trust relationship between the two (sub trust master) -A sql server 2005 on a win server 2003 in "sub domain" AD -A linked server to "sub domain" AD -A linked server login using a "sub domain" admin acccount -A view to this linked server -A grant on masterDomain/Domain Users to the database -A grant on subDomain/Domain Users to the database -We want all connections done through "Windows Authentication" not "Database Authentication".
Queries on the view work fine using "sub domain" user accounts. Queries on the view fail using "master domain" user accounts (including master domain admin accounts)
"Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation."
All connections are done through "Windows Authentication" not "Database Authentication".
Can we establish cross domain connectivity with "Windows Authentication" ?
Below are details of the implementation:
SELECT TOP (100) PERCENT * FROM OPENQUERY(ADSI, 'SELECT displayname, givenName, sn, cn (etc...) FROM ''LDAP://OU=PEOPLE,DC=subDomain,DC=com'' WHERE objectCategory = ''Person'' AND objectClass = ''user'' ')
In SQL Server Mngt Studio in Server Objects/Linked Servers/Providers/ ADSI properties security tab I have:
"connections will: <be made using this security context> Remote login:'subDomainAdminAccnt' With password: 'subDomainAdminAccntPassword'
Error: Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation.
Msg 7320, Level 16, State 2, Line 1
Cannot execute the query "SELECT displayname, givenName, sn, cn
FROM 'LDAP://OU=PEOPLE,DC=subDomain,DC=com'
WHERE
objectCategory = 'Person'
AND objectClass = 'user'
" against OLE DB provider "ADsDSOObject" for linked server "ADSI".
After using ADMT to migrate the domain user or group into the root domain, when I use enterprise manager to try and change the permissions allocated to that domain user/group, i get the 'Error 15401 NT user or Group not found'.
This is a correct error as the user is now in the root domain, however sql (in sysxlogins) still thinks its in the child domain.
Is there a simpler way, other than collecting the users permissions, deleting the user from SQL then adding back in with the correct domainusername format, then adding the permissions back?
I tried renaming the 'name' in sysxlogins (not recommended) and while that worked, whenever I tried to add the migrated user to another database, the login name was missing and would not resolve.
I believe it is something to do with the SID not matching.
we recently migrated from our in-house domain to the Enterprise domain. Everything went smooth except for the fact that I can no longer accept my dBs using my SA or my domain admin account. There is only 1 account I can get into the management studio with but it has no admin privileges, so I can't make any  password changes or add accounts. I don't have a test environment so kind of hesitant to experiment with our production system.
I'm trying to run a test from my test environment which is a non-domain Windows 2000 server to access my domain 2003 with SQL2005. I have install 2005 tools to try to access the SQL server.
- I have try following the KB265808 - no success. - Reading alot of blogs and it seems all are pointing to the same problem. "Remote access" but the settign is enabled.Error Message:
TITLE: Connect to Server ------------------------------
An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (Microsoft SQL Server, Error: 53)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=53&LinkId=20476
Question: Could Windows 2003 security be blocking access? I'm using sa account to access.
Also, sa account does not seems to work for remote access. It is ok when accessing locally.
I have had this issue just pop up. I have local users who can connect fine, but my users that require connection by VPN cannot connect. I get the server not available or access denied error. I did confirm that the VPN'ers are connected to the network correctly and can see that their shares and mappings are correct. Any ideas? Thanking you all in advance!!
I am trying to revert back to Windows 7 after upgrading to Windows 10, however it will not let me and the following message occurs: "Remove new accounts.Before you can go back to a previous version of Windows, you'll need to remove any user accounts you added after the most recent upgrade. The accounts need to be completely removed, including their profiles.You created one account (NT SERVICEMSSQLSERVER) Go to Settings> Accounts> Other users to remove these accounts and then try again".However I did not create any new users and there are no other users listed in the Accounts section.
hi alli've got two tables called "webusers" (id, name, fk_country) and "countries" (id, name) at the meantime, i've a search-page where i can fill a form to search users. in the dropdown to select the country i included an option which is called "all countries". now the problem is: how can i make a stored procedure that makes a restriction to the fk_country depending on the submitted fk_country parameter?it should be something like SELECT * FROM webusers(if @fk_country > 0, which is the value for "all countries"){ WHERE fk_country = @fk_country} who has an idea how to solve this problem?
Hi all,it happen to me a strange problem:i have a mdb file (in Access 2K) with SQL Server 2K linked tables whoruns on a workstation which is on a different domain that the SQLServer. It works.If i create a mdb file from a workstation which is a the domain of theSQL Server and then i run it a my non-domain workstation i have errormessage:Login failed for user '(null)'. Reason: Not associated with a trustedSQL Server connectionBut if i reattached my tables it works.If someone have an idea....PS: same ODBC on both machines
Hello, I need to create a sp that allows a user(not sa) to reset passwords using sp_password. The part that I'm stuck on is how to login within the proc so that the user(not sa) can exec the sp_password as sa without having to give the user sa rights. I don't mind hard coding the sa password with the proc but I can not give sa password to the users. Do I need to somehow alter sp_password for this to work?
Need to give a user permission to add logins and users to a database. Have tries to alias the user to DBO but it doesnt work. Is there a way to do it other than reassigning DBO permissions to the user.
Is there a way in SQL server to grant "SA" rights to non-SA users for certain commands.
I know there's a way to do this in Sybase by creating a password protected role and then activating it within a stored procedure.
Thus, the specific right is only active for the brief duration of the stored procedure - which runs the particular command to be granted. The role is de-activated at the end of the stored procedure.
I have a basic question regarding rights. What level of rights do Ihave to have to grant another user update rights? I don't want togive everyone owner rights. Can a person with update rights grantanother person update rights?Thanks.