Domain Vs Local
Jul 20, 2005What are gotchas for starting Sql & the agent with a Local system account
versus a system Domain account.
ADVERTISEMENT
Local Vs. Domain Account
Feb 17, 2006Hi All,
How can I tell how SQL Agent is configured to start up with? Is it with the local system account or domain account?
Thanks.
Domain User Or Local System Account ?
Jul 20, 2005Hello,My server is part of a W2K domain. What do you advice me as account torun my SQL*Server, service started with a domain user account or aslocal system ?I need advices from a security point of view.Thank's in advance
View 4 Replies View RelatedHowto Reinstall With Local Encrypted Data, No Domain?
Aug 17, 2005This is a question more about EFS, I think, than SQL itself, so apologies for that.
View 1 Replies View RelatedNeed To Establish A Remote Connection To An Sql Database On A Local Server (same Domain)
Feb 16, 2007Hi, I have been creating a web store, which we will be hosting on our Windows Server 2003 system. I am also writing a windows application that will be running on our client systems on the same network/domain. I have no need to allow internet access to the database, just within our domain. Pretty much the windows application will be running and whenever a customer places an order, the program will automatically pop-up the needed information for our credit card processing, and shipping department. So far I have been able to establish a connection to our server by creating a data connection under the server explorer. However, it does not list any databases whatsoever, the web site has been published using Visual Studio 2005 Professional on the server, and is in 100% working order. I have searched and haven't found anything concrete on this, i'm sure its just something simple that im missing. It appears that the server is definetely connected to the database (since the website is fully functional), but it is not listing the information for other systems to access it. If anyone has any ideas, please let me know. Thank you
View 8 Replies View RelatedDomain Users + Local Groups + Scale Out Deployment = Problem
Feb 13, 2008We have a problem authenticating domain users contained in local machine user groups across multiple web servers in a scale out deployment.
When we originally setup our single SSRS database server we were told the a best practice is to add domain users to local user groups on the SSRS machine.
Now we want to add more web servers and create a scale-out deployment. So, we added the web servers and configured the scale-out deployment. But, only administrators can see the reports since all of our SSRS roles are assigned permissions such as "Machine1User_Group".
We were told that we have to create identical local groups on Machine2 and Machine3 and then add them to the SSRS roles. This is prohibitive since it would mean managing 3 identical user groups containing thousands of domain users.
Is there a better way to do this without using Domain User Groups?
Thank you for any assistance.
Do Managed Local Accounts Remove Need For Multiple Domain Accounts
Aug 12, 2015I cannot get a consistent answer as to how many domain accounts would be suggested in a SQL Server 2014 installation. Previously the recommendation was a separate account for each service to provide isolation and minimum permissions for each account. It seems from what I've read that a single domain account would have something added to make it unique from SQL Server's perspective. Several still advocate multiple accounts. I don't know if they are doing so because that's the way it's always been done or if there is still some compelling reason to do so. I don't want to create unnecessary accounts simply because something is "ideal."
View 8 Replies View RelatedLogin For Domain Local Group And Global Group
Jan 5, 2008I have one domoain in the forest. The domain level is set to Windows 2000 native mode and forest level is set to mixed mode. My SQL server 2005 server joined to this domain. I added a brand new domain local group and add a normal user account to this domain local group. I login to the SQL server 2005 server and make a query "SELECT * FROM sys.login_token". I cannot see my domain local group in sys.login_token. However, if I add my account to a global group, I can see it there.
Then, I setup another forest. This time, I have domain level set to Windows 2003 mode and forest level is set to Windows 2003 native mode. I do the same testing. This time, I can see my domain local group in sys.login_token.
Why does SQL server 2005 has this limitation? Is it a bug?
Domain Administrator Vs. Local Administrator Group
Jul 16, 2002We are trying to set up SQLAgent Proxy account. If the SQLServer service id is a domain admin, do we still have to add it to the local administrators group?
Jeff
Domain Account Vs Local Account For SQLServerAgent
Jul 20, 2005Hi there,BOL notes that in order for replication agents to run properly, theSQLServerAgent must run as a domain account which has privledges to loginto the other machines involved in replication (under "SecurityConsiderations" and elsewhere). This makes sense; however, I waswondering if there were any repercussions to using duplicate localaccounts to establish replication where a domain was not available.Anotherwords, create a local windows account "johndoe" on both machines(with the same password), grant that account access to SQL Server onboth machines, and then have SQL Server Agent run as "johndoe" on bothmachines. I do not feel this is an ideal solution but I havecircumstances under which I may not have a domain available; mypreliminary tests seem to work.Also, are there any similar considerations regarding the MSSQLSERVERservice, or can I always leave that as local system?Dave
View 1 Replies View RelatedEVENT ID 18456 STATE: 16 Login Failed For User 'DOMAIN/user'. [CLIENT: &&<local Machine&&>] Every Minute In Event Log.
Oct 22, 2007We recently upgraded to SQL 2005 from SQL 2000. We have most of our issues ironed out however about every 1 minute there is a message in the Application Event log and the SQL log that states:
EVENT ID 18456 Login Failed for the users DOMAIN/ACCOUNT [CLIENT: <local machine>]
This is a state 16 message which I thought meant that the account does not have access to the default database. The account is actually the account that the SQL services run under.
Any ideas? We can't seem to figure this one out. We actually upgraded to 2005 from 2000 and had an error appear after every reboot that prevented the SQL Agent from running(This application has failed to start because GAPI32.dll was not found. Re-installing the application may fix this problem.) We did a full uninstall of SQL and reinstalled fresh and restored the databases from .bak files and that is when the EVENT ID 18546 started occuring every minute.
We don't have any SQL heavy hitters here so please be detailed with any possible solutions. That you very much for any help you can provide!
David
Whether To Use Local System Account Or Domain Account For Service Account
Jan 5, 2006During install of SQL Server 2005, we can of course use a domain account or the built-in system account for running the services. I lean toward domain for obvious reaons but would like to know a +/- to each option and why I'd choose one over the other and what consequences or limitations one may encounter if I choose one over the other.
View 6 Replies View RelatedUser On Trusted Domain Does Have Permission To Access Linked Server On AD Deployed In Another Domain
Sep 28, 2007Hi,
We have the followoing:
-A "master domain" AD, a "sub domain" AD, a trust relationship between the two (sub trust master)
-A sql server 2005 on a win server 2003 in "sub domain" AD
-A linked server to "sub domain" AD
-A linked server login using a "sub domain" admin acccount
-A view to this linked server
-A grant on masterDomain/Domain Users to the database
-A grant on subDomain/Domain Users to the database
-We want all connections done through "Windows Authentication" not "Database Authentication".
Queries on the view work fine using "sub domain" user accounts.
Queries on the view fail using "master domain" user accounts (including master domain admin accounts)
"Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation."
All connections are done through "Windows Authentication" not "Database Authentication".
Can we establish cross domain connectivity with "Windows Authentication" ?
Below are details of the implementation:
SELECT TOP (100) PERCENT *
FROM OPENQUERY(ADSI,
'SELECT displayname, givenName, sn, cn (etc...)
FROM ''LDAP://OU=PEOPLE,DC=subDomain,DC=com''
WHERE objectCategory = ''Person'' AND objectClass = ''user'' ')
EXEC sp_addlinkedsrvlogin @rmtsrvname ='ADSI', @useself='false',
@rmtuser='subDomainAdminAccnt', @rmtpassword='sunDomainAdminAccntPassword';
In SQL Server Mngt Studio in Server Objects/Linked Servers/Providers/ ADSI properties security tab I have:
"connections will: <be made using this security context> Remote login:'subDomainAdminAccnt' With password: 'subDomainAdminAccntPassword'
Error:
Msg 7399, Level 16, State 1, Line 1
The OLE DB provider "ADsDSOObject" for linked server "ADSI" reported an error. The provider indicates that the user did not have the permission to perform the operation.
Msg 7320, Level 16, State 2, Line 1
Cannot execute the query "SELECT displayname, givenName, sn, cn
FROM 'LDAP://OU=PEOPLE,DC=subDomain,DC=com'
WHERE
objectCategory = 'Person'
AND objectClass = 'user'
" against OLE DB provider "ADsDSOObject" for linked server "ADSI".
Problems With Change Sql Permissions After Migrating Domain User/group Accounts Into Root Domain
Apr 5, 2007I have a root domain and child domain.
After using ADMT to migrate the domain user or group into the root domain, when I use enterprise manager to try and change the permissions allocated to that domain user/group, i get the 'Error 15401 NT user or Group not found'.
This is a correct error as the user is now in the root domain, however sql (in sysxlogins) still thinks its in the child domain.
Is there a simpler way, other than collecting the users permissions, deleting the user from SQL then adding back in with the correct domainusername format, then adding the permissions back?
I tried renaming the 'name' in sysxlogins (not recommended) and while that worked, whenever I tried to add the migrated user to another database, the login name was missing and would not resolve.
I believe it is something to do with the SID not matching.
Any ideas on how to fix this ?
SQL Security :: Domain Migration Altered SA Or Domain Admin Access To DBs
Jun 19, 2015we recently migrated from our in-house domain to the Enterprise domain. Everything went smooth except for the fact that I can no longer accept my dBs using my SA or my domain admin account. There is only 1 account I can get into the management studio with but it has no admin privileges, so I can't make any password changes or add accounts. I don't have a test environment so kind of hesitant to experiment with our production system.
View 6 Replies View RelatedNone-Domain Server Cannot Access SQL2005 Data On Windows 2003 Domain Server
Sep 26, 2006I'm trying to run a test from my test environment which is a non-domain Windows 2000 server to access my domain 2003 with SQL2005. I have install 2005 tools to try to access the SQL server.
- I have try following the KB265808 - no success.
- Reading alot of blogs and it seems all are pointing to the same problem. "Remote access" but the settign is enabled.Error Message:
TITLE: Connect to Server
------------------------------
Cannot connect to ardsqldatawh.
------------------------------
ADDITIONAL INFORMATION:
An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (Microsoft SQL Server, Error: 53)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=53&LinkId=20476
Question: Could Windows 2003 security be blocking access? I'm using sa account to access.
Also, sa account does not seems to work for remote access. It is ok when accessing locally.
Any help would be appreciated.
949jc
Local SQL Server Instances Not Showing Up On Local Servers Tab Of Management Studio Logon Screen
Oct 2, 2007We have a 64-bit VM server running SQL Server 2005. The SQL Server on this particular VM server has 6 local instances installed. On the Management Studio logon screen I can type the full name of the local instance and connect to it, however if I press the drop down in the Server name field, choose Browse and select the Local Servers tab there is nothing listed under Database Engines.
Any idea why the 6 local instances don't show up under Database Engines? This is preventing me from installing a vendor application because their installer looks for local SQL Server instances on this server, but if SQL Server won't even show the local instances then the installer doesn't see them either.
Any help is greatly appreciated.
Thanks,
Craig
Not Able To Connect To The Local Database With (local) As Server Name
Jun 7, 2006I am facing a problem in connecting to the local database with server name as (local).
I have installed SQL Server 2005 in my machine. When I try to connect to the SQL server with the server name as SUNILKUMAR I am able to connect but when I try to connect to the same server with the server name as (local) I am not able to connect. SUNILKUMAR is my machine name and SQL server is running locally.
if anyone can help me what is the problem in this case it is highly appriciated.
Need Help - Local Synchronization Between SQL Mobile And Local SQL Database
Dec 21, 2005Hi Everyone
I am at the stage of architecting my solution
My goal is to develop the system on a windows application and pda
There is a central server which will create a publication called inventory
The laptops which host the windows application will be subscribers to the central server using merge replication
The client now wants the PDA using SQL Mobile to synchronize with the local subscirber database on the laptop using active sync. They dont want to do it via WIFI to the IIS Server at the central server
I have been reading for days and I am still unsure whether this is possible to do.
I know Appforge provide a conduit for palm to access synchronization but not local sql databases
I would appreciate your help immensley
NON DOMAIN AND DOMAIN CONNECTION
Jul 20, 2005Hi all,it happen to me a strange problem:i have a mdb file (in Access 2K) with SQL Server 2K linked tables whoruns on a workstation which is on a different domain that the SQLServer. It works.If i create a mdb file from a workstation which is a the domain of theSQL Server and then i run it a my non-domain workstation i have errormessage:Login failed for user '(null)'. Reason: Not associated with a trustedSQL Server connectionBut if i reattached my tables it works.If someone have an idea....PS: same ODBC on both machines
View 1 Replies View RelatedMigrating SQL 2000 From A 2000 Domain To 2003 Domain
Mar 2, 2006Currently running a SQL 2000 server in 2000 domain and want to migrate it to a new 2003 domain of the same name.
How do I go about it and is there any problems with this plan?
Moving A SQL Server 2000 Database From A Local Drive To Another Local Drive
Jan 31, 2008Being a very novice SQL Server administrator, I need to ask the experts a question.
How do I go about moving a database from 1 drive to another? The source drive (C is local to the server, but the target drive (E is on a Storage Area Network (SAN), although it is still a local drive for the server. I want to move the database from C: to E:. Can someone provide me with instructions?
Thanks,
Rick
Failed To Generate A User Instance Of SQL Server Due To Failure In Retrieving The User's Local Application Data Path. Please Make Sure The User Has A Local User Profile On The Computer. The Connection Will Be Closed
Dec 7, 2006This is my first time to deploy an asp.net2 web site. Everything is working fine on my local computer but when i published the web site on a remote computer i get the error "Failed to generate a user instance of SQL Server due to failure in retrieving the user's local application data path. Please make sure the user has a local user profile on the computer. The connection will be closed" (only in pages that try to access the database)
Help pleaseee
Replication From Machine Not In Domain To Machine In A Domain
Jul 11, 2007Hi
I'm trying to set up replication from one SQL server to another.
The publishing server is not a member of a domain and is located in a hosting center (but we have full control over the server). I can set up a Snapshot publication just fine.
The subscribing server is located in another remote location and is a member of a domain. Here I can also set up the subscription without errors.
The errors, I think, comes when the snapshot is about to be created, the error is, on the publisher server:
[298] SQLServer Error: 18456, Login failed for user 'NT AUTHORITYANONYMOUS LOGON'. [SQLSTATE 28000]
And the snapshot is not created.
Is it even possible to set up replication like this. I need to transfer the data from one sql server to another so we have a working "backup" so to speek if the other server does not respond.
Can We See The Domain?
May 10, 2001Guys,
I have problem in adding the user. The domain name "scs" that I am logged on a machine with user name "rao", But I am not able this user to SQL Server as scs/rao, it gives that the not found.
Your suggestions greatly appreciated.
Rao
Domain Name
Jun 13, 2007Hi All,
I am in the process of installing SQL Server 2005. Under Service Account I am selecting the domain user account option. It asks for the username, password and the domain name. How can I find out what the domain name is?
Thanks.
Specify Domain Name
Jan 26, 2004In mssql-ds.xml, we have attribute <datasources>
and in
<connection- url>jdbc:microsoft:sqlserver://localhost:1433;DatabaseName=DEV01</connection-url>
I also have a domain name "test" in which i have a table "loginTest", how do i specify domain name in <connection-url>
-Thanx
Domain
Jun 18, 2008How do I get the domain name of a sql server 2005 instance please?
Thanks
Log On Outside The Domain
Nov 7, 2007A while back I asked this in the SQL security forum, but did not receive any replies. I feel that this is a fairly basic, common question, so I am posting it here in the hopes that this forum has higher traffic and that someone here will know the answer.
I am trying to connect as follows:
Server: Windows 2003, SQL 2005, on a domain
Client: Windows 2008 Beta, not on any domain
I created an account with the same user name as the domain user on the client machine. And then I logged in as that user and went to Manage Network Password. I entered the correct domain credentials. Verified that this worked for file shares. However, SQL does not appear to be recognizing this and it tells me:
Login failed for user ''. The user is not associated with a trusted SQL Server connection.
I have verified that this domain account is working properly with SQL when the client is also on the domain.
Q: How can I get this Windows authentication scenario to work where the client is not on the domain and the SQL server is on the domain?
(Note: A similar case that can also occur frequently is that the server and client are on different domains.)
Domain Admin And Sa
Dec 13, 1999A couple of newbie questions:
1) Do Domain Admins have SA rights by default in SQL7? If so, is there a way to keep domain admins out of particular databases.
2) Is it possible to create a database or table that even SA can't get into?
Thanks
JD
Change Domain Within SQL
Mar 30, 20001. How could I change the Domain within SQL Server.
2. When the NT Server changed to a new domain, Does the SQL server change also? Could someone help me. Thank you.
Run SQL As Domain User
Sep 10, 2002SQL2K SP2 on Win2K Server in single native-mode domain
I'm trying to change MSSQLServer and SQLServerAgent to run under a domain account instead of LocalSystem. SQL is not running on the DC. I get Error 22042:xp_SetSQLSecurity() returned error -2147023564, 'No mapping between account names and security ID's was done'.
The SQL machine is part of the domain. I'm logged in as a Domain Admin.
What is the problem?
Domain Confusion?
Feb 24, 2002I can map to a domain to the server where I have a sql Server database from my machine which is in another domin.
However, I cannot register the sql server with enterprise manager from the same machine. I am assuming that it is not a permission problem since I could not get the registration to work logging on as SA or with windows authorization. What should be looked at?