Guest Account Enabled Via Group Membership
Jul 30, 2007
Hi
I have a situation (on SQL Server 2000 SP3a) where the guest account appears in the list of database users despite the account being removed via sp_dropuser.
The guest account appears in the list of users with Database Access set as 'Via Group Membership'
Once in this state it cannot be removed as sp_drop user will now report:
Server: Msg 15008, Level 16, State 1, Procedure sp_revokedbaccess, Line 36
User 'guest' does not exist in the current database.
My conerns are:
(a) Does this imply any security risks ?
(b) How can I remove all reference to the guest account?
Any ideas or suggestions would be appreciated
Regards
Nadreck
View 7 Replies
ADVERTISEMENT
Dec 13, 2004
I want to know what is the guest account and what its use for ?
View 1 Replies
View Related
Apr 21, 2006
Hello world
View 1 Replies
View Related
Jan 17, 2001
How do you disable Guest account in SQL Server.
can you do this thru registry?
Tahnk You,
Piyush Patel
View 3 Replies
View Related
Apr 15, 2008
Hi,
I have some questions regarding guest acct. I am using some database security scanning software (again) and it says that guest acct should be dropped from these databases, msdb, pubs, Northwind.
Can i safely say that i can drop the guest acct in pubs and Northwind without any issue?
For msdb, will there be any concerns? How can i verify?
If i just revoke the public permission on guest, is it the same as dropping the user?
Lastly, I see that in all databases, the guest acct exists, but some are of permit and some are of via group membership for the database access column. What is the difference?
Thanks guys. appreciate your help. Audit deadline coming up.. i still have about 20 more audit pts to go... :)
View 7 Replies
View Related
Nov 18, 2006
Just wondering what is the use of the build in guest account in SQL2000?
Should you remove it? Or just leave it there?
I quess a user can make an odbc connection to the database with that account, but can cause no harm.
What to do?
Greetz,
The nerd.
View 1 Replies
View Related
Apr 23, 2006
When i restart my database server, guest login is getting deleted automatically from tempdb. it shudn't happen. please can anyone suggest me solution for my problem.
thanx and regards
kiran
View 4 Replies
View Related
Sep 26, 2007
on the login properties i see a third option under security access
- Grant access
- Deny access
- Through group membership
what is the third one? I tried to change it to grant access but it doesn't let me. Neither can I uncheked a database box on 'Database Access tab'. It says DB owner cannot be dropped.
=============================
http://www.sqlserverstudy.com
View 1 Replies
View Related
Jun 18, 2005
Hi,
Permissions were granted to sql users based on their groups in the domain - that is groups were added as sql users rather than the login names.
Is there any way I can determine the group a user belongs on login to sql server?. I need to develop an interface that enables relevant menu to relevant groups.
Thanks,
Victor
View 5 Replies
View Related
Aug 8, 2006
Hi.
I'm investigating whether I can lock down a feature exclusively to only those who belong to a certain domain group.
From what I understand, the master.sys.login_token view holds information on all the groups I'm a part of. However, I'm looking at the output from
SELECT * FROM master.sys.login_token
and see a number of groups that I can't verify I have access to. I have even run the DOS command "net group <domaingroup> /dom" and don't see myself listed in its output.
Is this normal? Is the output a culmination of everyone logged in at the time?
@@version = 9.00.2047.00
View 4 Replies
View Related
Jun 8, 2012
For code reuse, I am trying to get a table valued function to return users of a given AD group name. I can easily get this with hard-coding the group name. But because OpenQuery wont accept parameters, I can't insert my group name there. And because functions can't call dynamic SQL, I can't do it via dynamic sql. I have seen people do it with CLR, but I rather not go that route. I can use a stored procedure + cursor and iterate through each group and store the results into real tables and create a cache, but I rather query Active Directory itself to save space, but I rather do the caching then the CLR. Any approach I am missing on how to do this?
The following works fine:
SELECT DISTINCT sAMAccountName
FROM OPENQUERY(ADSI, 'SELECT sAMAccountName, sn
FROM ''LDAP://OU=SomeOU,OU=SomeOtherOU,DC=SomeDC,DC=SomeOtherDC''
WHERE objectCategory=''Person'' AND objectClass=''USER'' AND memberOf=''CN=SomeGroupName,OU=SomeOU,OU=SomeOtherOU,DC=SomeDC,DC=SomeOtherDC''') a
WHERE sn IS NOT NULL
The following gives me the error:
Invalid use of a side-effecting operator 'EXECUTE STRING' within a function.
CREATE FUNCTION [dbo].queryADGroupMembers
(
@group nvarchar(255)
)
RETURNS @rtnTable TABLE
[Code] .....
View 7 Replies
View Related
Aug 9, 2007
Hello,
I am fairly new to SQL 2005 and Reporting Services.
We are trying to create a report that will display sales data based on group membership from Active Directory.
For example, if USER1 logs in and looks at a Year to Date Sales report, it will only show data that pertains to his group. If USER2 logs in and accesses the same report, it will display different Year to Date information because he is in a different group.
Background Information: We are running SQL 2005 Enterprise Edition Service Pack 2 with Analysis and Reporting Services. We are delivering the reports through a Sharepoint site.
Please let me know if anyone has a good way to tackle this.
Thanks,
Justin
View 6 Replies
View Related
Sep 17, 2007
Greetings,
I am trying to configure Reporting Services to allow a domain group access to reports. I am able to configure the domain and group (mydomaingrpname) in both Report Manager and BIDS. I'm sure I entered the correct name because I purposely misspelled it and received an error. I think this tells me it is finding the group correctly.
However, when my test user goes to Report Manager, there are no folders displayed. I checked and he is in the domain group I am using. If I explicitly add him (mydomainandy) to the folders, he can see them and execute the reports.
After searching the forums and other websites, I have checked IIS is using Windows Integrated Security and not anonymous access.
Any ideas?
Rob
View 7 Replies
View Related
Oct 24, 2007
Hi am
i am facing problem adding a domain group to the reporting services.
while setting the security of a report, i am getting the rsUnknownUserName error while adding a domain group.
the group is valid and it does exists. i tried creating a windows group on the machine running reporting services and tried adding the domain group and it accepted. but the reporting services is not accepting.
can somebody tell me whats the problem with this.
i am able to add other domain group belonging to the same domain and the SSRS accepts but not this particular domain group which is like any other domain group.
View 3 Replies
View Related
Mar 11, 2014
Given the following example;
declare @CustIfno table (AccountNumber int, StoreID int, Distance decimal(14,10))
insert into @CustIfno values ('1','44','2.145223'),('1','45','4.567834'),
('1','46','8.4325654'),('2','44','7.8754345'),('2','45','1.54654323'),
('2','46','11.5436543'), ('3','44','9.145223'),('3','45','8.567834'),
('3','46','17.4325654'),('4','44','7.8754345'),('4','45','1.54654323'),
('4','46','11.5436543')
How can I show the shortest Distance by AccountID and StoreID. Results would look like this;
AccountNumberStoreID Distance
1 44 2.1452230000
2 45 1.5465432300
3 45 8.5678340000
4 45 1.5465432300
View 7 Replies
View Related
May 1, 2007
I am attempting to configure my SQL Server instance to use a service account with the minimum privileges. I thought I had everything configured correctly, when I realized that having the service account as a member of the "SQLServer2005MSSQLUser" Windows Group meant that the service account was now in the "sysadmin" fixed server role. This was not the configuration I wanted.
I went through the Books Online article "Setting Up Windows Service Accounts" and made sure the login had access to the appropriate folders used by SQL Server. Then I stopped the SQL Server service and tried to restart it, without success. These are the error messages:
Code Snippet
SQL Server could not spawn FRunCM thread. Check the SQL Server error log and the Windows event logs for information about possible related problems.
Could not start the network library because of an internal error in the network library. To determine the cause, review the errors immediately preceding this one in the error log.
FCB::Open failed: Could not open file E:MSSQL$STAGINGDatamodel.mdf for file number 1. OS error: 5(Access is denied.).
TDSSNIClient initialization failed with error 0x5, status code 0x1.
TDSSNIClient initialization failed with error 0x5, status code 0x90.
I checked some other posts on this board, and they suggested the problem might be that the "VIA" protocol was enabled. I checked for this protocol in the Configuration Manager, and it is DISABLED in both the SQL Server 2005 Network Configuration and the SQL Native Client Configuration. What else could be causing this error?
The errors do not occur when I add the service account back to the "SQLServer2005MSSQLUser" Windows Group. The SQL Server service starts successfully when the account is back in this group.
Here are my answers to the questions posted at the top of this board:
What is the MS SQL version? - SQL Server 2005 SP2 (9.00.3054.00)
What is the SKU of MS SQL? - Enterprise Edition (SKU ID: 1804890536)
What is the SQL Server Protocol enabled? - TCPIP, Named Pipes
Does the server start successfully? - NO
If not what is the error messages in the SQL server ERRORLOG? - See above.
If SQL Server is a named instance, is the SQL browser enabled? - YES
What is the account that the SQL Server is running under? - Domain Account
Do you make firewall exception for your SQL server TCP port if you want connect remotely through TCP provider? Not applicable, Windows Firewall is not used
Do you make firewall exception for SQL Browser UDP port 1434?
Not Applicable, Windows Firewall is not used
View 7 Replies
View Related
Jul 26, 2007
Am trying to run SQL Server Agent with a service account which is not in the Administrators group. Have done the following -
1. Removed the service account from the Administrators group on the machine
2. Assigned sysadmin privileges to the service account
3. Added it to the SQLServer2005SQLAgentUser$ComputerName$MSSQLSERVER role
4. Through SQL Configuration Manager assigned this account to the SQL Server Agent service
However, this does not start the Agent as a service. What is it that is missing?
View 4 Replies
View Related
Jan 26, 2006
Howdy,
I have a table that has a group. In this group, I want to filter by 2 different expressions, concatenated with an OR. BUT I can't change the "And/Or" column value for the first entry because it is grayed out. The column will automatically change to an OR value if both my expression column fields are the same (which I don€™t want) but if I put any other value in to the expression field of the second row, the "And/Or" field of the first row automatically changes to an AND.
PLEASE! How do I get the And/Or field "ungrayed" so I can change it to what I want?
The 2 filters I and using check the UserID = to the user, and the other is checking a count to get the Top N 1. (So just showing the current user and the top producer)
View 14 Replies
View Related
Sep 5, 2014
Setting up a test AlwaysOn Availability Group for one database.
However, whenever I restore the database to the replica server and join it, it ends up with my user account as the owner of the database.
Obviously I do not want a user account as the database owner, but since it is read-only I cannot modify it directly. If I were able to fail the AG over to the replica, I could change the owner then, but I cannot due to business requirements. this AG is to essentially serve as a replacement to log shipping.
I tried doing the backups and restores using EXECUTE AS login = 'sa', and yet it still shows up as my user account.
View 2 Replies
View Related
Jan 5, 2006
During install of SQL Server 2005, we can of course use a domain account or the built-in system account for running the services. I lean toward domain for obvious reaons but would like to know a +/- to each option and why I'd choose one over the other and what consequences or limitations one may encounter if I choose one over the other.
View 6 Replies
View Related
May 7, 2008
In my site, when a user registers, I need to create rows in additional tables besides aspnet_Users. So, I need to be able to pass the generated userId guid to subsequent SqlCommands. I'm having a terrible time with this. What's the correct way to set up a SqlParameter so that it will accept a guid? I keep getting this error: "Conversion failed when converting from a character string to uniqueidentifier."
I've tried creating the parameter both with and without a SqlDbType.
cmd.Parameters.AddWithValue(paramName, guid);
and
SqlParameter p = new SqlParameter(paramName);p.SqlDbType = SqlDbType.Guid;cmd.Parameters.Add(p);
and I get the same error either way.
Driving me nuts! Any help appreciated.
View 1 Replies
View Related
Nov 2, 2007
A user was created with a limited privilege under the USERS group. Once this user loged in the Report Manager he is acting like an Admin and Content Manager, though he is not given even a browser role.
What do u think that this guy is acting like a Super User evenif he is restricted to a browser role on the Report Manager ????????????
I did all my best, but no luck so far
View 5 Replies
View Related
Mar 23, 2007
Hi all,
I installed SQL 2005 SP2 + ReportServices Add-in for Sharepoint (WSS 3.0). All it's OK until I try to grant database access in the Sharepoint Central Admin site.
I setup the Reporting Services Integration (Manage integration settings). I use the default SQL instance, I put the USERNAME and the PASSWORD of my ADMIN account in the ENTER CREDENTIALS windows.. When I click the "OK" button, I receive always the error ...
"A new member could not be added to a local group because the member has the wrong account type"
I tried a lot of things... without success.
Is there someone who can help me....
PS: There is no error in the LOG
Thanks
View 18 Replies
View Related
Mar 23, 2007
Hi all,
I installed SQL 2005 SP2 + ReportServices Add-in for Sharepoint (WSS 3.0). All it's OK until I try to grant database access in the Sharepoint Central Admin site.
I setup the Reporting Services Integration (Manage integration settings). I use the default SQL instance, I put the USERNAME and the PASSWORD of my ADMIN account in the ENTER CREDENTIALS windows.. When I click the "OK" button, I receive always the error ...
"A new member could not be added to a local group because the member has the wrong account type"
I tried a lot of things... without success.
Is there someone who can help me....
PS: There is no error in the LOG
Thanks
View 4 Replies
View Related
Dec 4, 2006
I have been running a script in SQL Server 2000 as sa also as a Active Directory user who has administrator rights (I tested both approaches SQL Server then Windows Authentication) in Query Analyser which grants execute rights to the stored procedures within the database instance and Query Analyser does not give any errors when I run the script. I have made sure that each transaction has a go after it. I then return to Enterprise Manager, check the rights (I apply them to roles so that when we create another SQL Server user we just grant him/her rights to the role) and discover that the role has not been granted the rights. I seems to be occurring only with 2 of the procedures. Is there a known bug that might be causing this?
yours sincerely
Craig Hoy
View 9 Replies
View Related
May 9, 2002
I have several DTS jobs that runs well as a job with my nt login account for the SQL agent service startup account, but if I use the System account
they fail with this error.
" Error opening datafile: Access is denied. Error source: Microsoft Data Transformation Services Flat File Rowset Provider"
The data has change access to the System account under the NT security.
Thank you in advanced.
Jorge
View 2 Replies
View Related
Mar 2, 2004
Hi all, i hope you can help me.
Basically a dts package has been setup that pulls in data from another companies server, this data requires to be on-demand i.e individual users can pull in updates of the data when they require it.
I am using xp_cmdshell and dtsrun to pull in the data. This obviouly works fine for me as i am a member of sysadmin.
Books online quotes " SQL Server Agent proxy accounts allow SQL Server users who do not belong to the sysadmin fixed server role to execute xp_cmdshell"
So i went to the SQL Server Agent Properties 'Job System' tab and unchecked 'Non-sysadmin job step proxy account' and entered a proxy account.
The proxy account has been setup as a Windows user with local administrator privilages and even a member of the sysadmin server role - just in case.
Now when i log onto the db with my test account - a non-sysadmin - and attempt to run the stored proc to import the data i recieved the message 'EXECUTE permission denied on object 'xp_cmdshell', database 'master', owner 'dbo' '
hmm... so basically i have either misunderstood BoL or there is something not quite right in my setup.
I have search the net for a few days now and yet i can find no solution.
Can anyone help?
View 2 Replies
View Related
Jul 20, 2005
Hi there,BOL notes that in order for replication agents to run properly, theSQLServerAgent must run as a domain account which has privledges to loginto the other machines involved in replication (under "SecurityConsiderations" and elsewhere). This makes sense; however, I waswondering if there were any repercussions to using duplicate localaccounts to establish replication where a domain was not available.Anotherwords, create a local windows account "johndoe" on both machines(with the same password), grant that account access to SQL Server onboth machines, and then have SQL Server Agent run as "johndoe" on bothmachines. I do not feel this is an ideal solution but I havecircumstances under which I may not have a domain available; mypreliminary tests seem to work.Also, are there any similar considerations regarding the MSSQLSERVERservice, or can I always leave that as local system?Dave
View 1 Replies
View Related
Oct 25, 1999
If our SQL Server is not part of a domain, can "Guest" users still connect to the SQL server?
What we are experiencing is -- when a drive is mapped to the server connectivity is fine.
But, without the drive mapping, the SQL connections cannot be made.
Thoughts, Ideas,
(hopefully without adding unique logins for each user at the server)
View 2 Replies
View Related
Apr 17, 2008
In SQL2K5 guest user can not be dropped from ANY databases. How ever we can use the following command to disable it.
USE <Database Name>
GO
REVOKE CONNECT FROM GUEST
GO
How to find in a DB, whether guest user is disable or not, using TSQL?
------------------------
I think, therefore I am - Rene Descartes
View 7 Replies
View Related
Jul 20, 2005
Nel database "master" ho mappato, per errore, l'utente "guest" su unutente sql "XXX" creato in SQLServer.Questo tipo di impostazione non permette più di aver accesso conl'utente anonimo "guest" (mappato su null) al db (con autorizzazionilimitate al ruolo public).Ho provato sia da EM che con le varie SP a rimuovere l'utente, amapparlo su un'altro utente, ... ma non sono riuscito a ripristinarela situazione di partenza.Mi servirebbe una idea per non dover effettuare il backup di tutti idb, disinstallare SQLServer, reinstallare SQLServer e fare il restoredi tutti i db (soluzione possibile ma che tengo come ultimaspiaggia!!).Grazie
View 1 Replies
View Related
May 11, 2004
I would like a guest to view some items on the application.
And I recently intalled SQL Server 2000 on my machine. Will integrate Access when ready.
I can access or simply read data from a db if I specify User ID and Password.
Such as....
Dim nwindConn As SqlConnection = New SqlConnection("Data Source=localhost;User Id=sa;Password=xxxxx;Initial Catalog=Northwind;")
Yes, testing first, then adjusting all my code for the SQL instead of Access.
If I leave the id and pw out, it won't read - login failure.
I have read so much on authentication and some posts here, even the one on login failure, but that didn't help.
Keep in mind, just installed, only users are the default ones by the installation.
What setting in the SQL Server is there, and I have looked, that if it's a guest, no id or pw, allow read only to items such as datagrids which only read from tables?
Thanks all,
Zath
View 4 Replies
View Related
Feb 28, 2001
Hi All,
I encountered a bizzard situation. The guest id in tempdb disappeared after I rebooted (shutdown and startup) my server. That caused errors in application whenever a stored proc needs to create a temporary table.
Has anyone seen this happened before? Any idea on why or how it happened?
Thanks in advance.
View 1 Replies
View Related
