New Accounts In SQL 2005 That Were Not There In SQL 2000
Jul 26, 2006
We are in the mist of a SQL project that also includes tighting the locking down of our SQL Servers. We generally remove certain accounts from security such as Built-inAdministrators. On SQL 2000, this is pretty straight forward. However SQL 2005 adds a few new accounts that we must take into account.
Once we load SQL 2005, NT AUTHORITYNETWORK SERVICE, NT AUTHORITYSYSTEM, <servername>SQLServer2005MSFTEUSER$<servername>$<instancename> now appears. Althought they are not in any obvious server roles or has access to any databases. I also noticed these accounts are denied permissions to connect to the database engine althought the login is enabled.
In addition, there are a number of Local Windows groups that were added. There are additional groups added for the purpose of taking advantage of certain SQL Features (full text, intergration service, etc).
The question is what is the harm in removing these accounts from SQL? From Windows? Although we are not using these services now, I installed them when I setup the server. Will removing these services also remove these account?
Thanks
Akinja Richards
View 4 Replies
ADVERTISEMENT
Jan 18, 2008
I'm attempting to write a script that I can execute accross 30 servers that will create a domain login and subsequently grant access to said account on all databases per server. The only problem that I'm running into is trying to dymanically create the login. Example source is below.
declare @sql varchar(1000)
declare @loginname varchar(50)
select @loginname = 'DOMAINaccountname'
set @sql = 'if not exists (select * from master.dbo.syslogins where name = N' + char(39) + 'DOMAINaccountname' + char(39) + ')' + char(10) + char(13)
set @sql = @sql + 'begin ' + char(10) + char(13)
set @sql = @sql + char(9) + 'exec master.dbo.sp_grantlogin ' + quotename(@loginname)
print @sql
exec (@sql)
Here is the generated output and the error. Any suggestions would be appreciated.
if not exists (select * from master.dbo.syslogins where name = N'DOMAINaccountname')
begin
exec master.dbo.sp_grantlogin [DOMAINaccountname]
Msg 102, Level 15, State 1, Line 3
Incorrect syntax near 'DOMAINaccountname'.
View 4 Replies
View Related
Aug 12, 2015
I cannot get a consistent answer as to how many domain accounts would be suggested in a SQL Server 2014 installation. Previously the recommendation was a separate account for each service to provide isolation and minimum permissions for each account. It seems from what I've read that a single domain account would have something added to make it unique from SQL Server's perspective. Several still advocate multiple accounts. I don't know if they are doing so because that's the way it's always been done or if there is still some compelling reason to do so. I don't want to create unnecessary accounts simply because something is "ideal."
View 8 Replies
View Related
Jul 23, 2015
Do we still need the below service accounts in SQL 2008+ version even if we have proper SQL service accounts added in the logins?
[NT AUTHORITYSYSTEM]
[NT ServiceMSSQLSERVER]
[NT SERVICEReportServer]
[NT SERVICESQLSERVERAGENT]
[NT SERVICESQLWriter]
[NT SERVICEWinmgmt]
View 0 Replies
View Related
Dec 19, 2006
Hello,
I'm having a problem using Windows Accounts to login to a SQL 2005 Server.
Here is my setup. The SQL server and web server are separate machines. I'm also not developing directly on the web server.
SQL Server - Windows 2003 Server- SQL 2005- Set to use SQL and Windows AuthenticationWeb Server- Windows 2003 Server- IIS 6.0 - Anonymous Authentication is disabled - Integrated Windows Authentication is enabledApplication web.config:
<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0"><appSettings> <add key="ETR_Environment" value="Dev"/></appSettings>
<connectionStrings> <add connectionString="Data Source=sql-dev-server, 1179;Initial Catalog=ENV_ETR;Integrated Security=SSPI;" name="ETR_Dev"/> <add connectionString="" name="ETR_Prod"/></connectionStrings>
<system.web> <compilation debug="true" strict="false" explicit="true"/> <pages> <namespaces> <clear/> <add namespace="System"/> <add namespace="System.Collections"/> <add namespace="System.Collections.Specialized"/> <add namespace="System.Configuration"/> <add namespace="System.Text"/> <add namespace="System.Text.RegularExpressions"/> <add namespace="System.Web"/> <add namespace="System.Web.Caching"/> <add namespace="System.Web.SessionState"/> <add namespace="System.Web.Security"/> <add namespace="System.Web.Profile"/> <add namespace="System.Web.UI"/> <add namespace="System.Web.UI.WebControls"/> <add namespace="System.Web.UI.WebControls.WebParts"/> <add namespace="System.Web.UI.HtmlControls"/> </namespaces> </pages>
<authentication mode="Windows"></authentication> <customErrors mode="Off"></customErrors> <authorization> <allow users="XXXWilliam.Klein"/> <deny users="*"/> </authorization></system.web></configuration>
The reason why I want to use the windows login to connect to the database is the application needs to keep track of who did what when entering and updating data but still keep them using there windows login accounts. So using a generic account will not work.
What keeps happening is I keep getting this error: Login failed for user 'NT AUTHORITYANONYMOUS LOGON'. When trying to connect the database. I've tried this on two web servers on another I get something slightly different: Login failed for user 'XXXWeb-Server$'.
Anybody able to give me any suggestions on how to fix this?
View 12 Replies
View Related
Nov 21, 2007
I have been reading through many postings here, through the MS SQL Server Unleashed book by SAMS, the MS SQL Tech article "Failover clustering for Microsoft SQL Server 2005 and SQL Server 2005 Analysis Services" for installing a brand new SQL 2005 2 node cluster.
So far I have not found the definitive answer that I am looking for and that is, what rights does the SQL service account need to work properly? One article states that it needs both Domain Admin permissions and local admin permissions (and this is a domain account by the way) and then another article states that it only needs domain users group permissions and the least amount of privledges possible.
Can anyone please tell me what is correct for installation and running the server? The more I read about this the more confused I get.
Please be patient as I am brand new to SQL.
Thank you very much!
View 3 Replies
View Related
Jul 12, 2006
Hi There
Currently we run a certain instance , agent under local system on a server.
I want to create specific domain accounts for the sql server service and agent, now i know that one should create these accounts with the least priviledge for security reasons.
cannot find the topic in BOL, can some please give me the BOL topic or a link to exactly what the least priviledge is for the domain accounts for sql server services.
Thanx
View 4 Replies
View Related
Apr 6, 2006
Hi all,After working for weeks on a project in VB.Net, I decided to deploy atest version on a user's computer.The user's XP SP2 computer has sql server xpress 2005 installed, and myVB.net creation. Everything works without problem when the user's XPaccount is set with Administrator permissions. But when i change theuser account to Limited, the program fails with the following message:"Failed to generate a user instance of SQL server due to a failure instarting the process for the user instance. The connection will beclosed."The connection string I'm using is: "DataSource=.SQLEXPRESS;AttachDbFilename="|DataDirectory|DbTrial1.mdf";IntegratedSecurity=True;User Instance=True;Connect Timeout=30"Is there a workaround to get access for XP users with limited accounts?Many thanks :)p.s. allready tried changing in the connection string to "UserInstance=False", but then i get the error "An attempt to attach anauto-named database..... failed.. etc"And I've already tried the most common suggestion to delete the"SQLEXPRESS" folder in local settingsapplication data... but thatdoesn't do anything either :(
View 1 Replies
View Related
May 15, 2008
This may be an idiotic question:
I am attempting to use Visual Web Developer Express with a connection to a SQL Express db from a non-admin account on my XP Pro SP2 machine.
I can do everything in the app under an admin login, but can't seem to configure the db to allow the non-admin account access to the db. I've tried tweaking WMI, using Network Service, Local Service, and Local System with NT AUTHORITY, individual logins, and group permissions, but I'm stuck.
Any thoughts?
View 5 Replies
View Related
Apr 16, 2008
Hello all,
I have 2 networked PC's both running vista ultimate
1st is Laptop and is running its own SQL Server at laptoplaptopSQL
2nd is Desktop and is running its own SQL Server at desktopdesktopSQL
Now both machines have seperate windows login accounts.
When I go SQL Server management studio I go to browse and each machine can see the other machines SQL Server, but when I go to login I get SQL Login falied for users" The user is not associaed with a trusted SQL server connection".
So I then go to logins new login and try to add my other pc's user account.
The problem I see is that when I go to search and then location it only shows its own PC's location and not the location of my other networked pc? So if I am on Desktop and in my theory want to add laptopuser to the desktop SQL Server logins I get:
"create failed for login laptopuser
An exception occurred while executing Transact SQL statement laptopuser is not a valid windows NT name. give the complete name
Not sure on where to go from here.
Any help would be great
View 10 Replies
View Related
Aug 18, 2006
Hi
We would like to install Sql 2005 Enterprise Edition (including database engine, reporting service, integration service and analysis service) as a sepearte instance on a server which already has Sql 2000 with reporting services and analysis services. We do not want to disturb the existing sql 2000 setup.
If we do that then what will happen to my earlier sql 2000 reporting service? Will it be upgraded to sql 2005 reporting service? I heard that reporting services are instance unaware application. Where will be the default reporting service database available?
Please help us.
Regards,
Sankar N
View 1 Replies
View Related
Jul 19, 2007
I am attempting to move some SQL 2000 databases to SQL 2005. My main production database does not seem to want to move. When I use the SQL 2005 GUI the .bak backup file is marked 'Incomplete'. When I attempt to restore the backup file I get a 'RESTORE detected an error on page (0:0) in database' message. I saw a thread in the SQL Express forum suggesting trying to restore from the T-SQL level to get the GUI out of the picture and I get the same 'error on page (0:0)' message. However when I take the same file and use SQL 2000 Enterprise Manager it restores with no problems.
Any ideas?
Thanks
Mike Mattix
View 8 Replies
View Related
May 19, 2008
Hi, I am trying to edit some data from a SQL2000-datasource in ASP.NET 2.0 and have a problem with a column that has bit-data and is used for selection. SQL2005 works fine when declaring <SelectParameters> <asp:Parameter DefaultValue="TRUE" Name="APL" Type="boolean" /> </SelectParameters>When running this code with SQL2000, there are no error-msgs, but after editing a record the "APL"-column looses its value of 1 and is set to 0. Looks like an issue with type-conversion, we've hit incompatibilities between SQL200 and 2005 with bit/boolean several times before. So, how is this done correctly with SQL2000? (I've tried setting the Type to "int16" -> err. Also setting Defval="1" gave an err) ThanksMichael
View 2 Replies
View Related
Mar 13, 2006
Hi,i have SQL 2000 and 2005 on same machine(with different intance names,of course), my laptop - XP with SP2. The 2005 works fine but i can'tconnect on SQL 2000. All the the SQL services are started.Any idea? Have i to reinstall 2000?Tks,Lourival
View 1 Replies
View Related
Apr 30, 2008
I have to merge the data from two databases, one is in SQL Server 2005 format, one is in 2000. The merged data will then reside on a SQL Server 2000 platform. Is there an easy way to do this through Management Studio or Enterprise Manager? Or will we have to export the data from the 2005 database to a flat file and import it into a new 2000 database. And then do the merge?
TIA
View 4 Replies
View Related
Dec 18, 2007
I am in the process of migrating from Sql Server 2000 to 2005. Part of my plan is to move some database's to 2005, but use the 2000 compatibility mode for the short term. My issue is this, our DR boxes are still on SQL Server 2000, would I still be able to use our log shipping processes? Or would I be better off in starting with migrating the DR boxes to 2005 first?
Thanks in advance.
View 3 Replies
View Related
Jun 15, 2006
I have several SQL 2000 servers I need to setup transactional (non updatable) replication with. The structure is:
SQL Server 2000 as Publisher/Distributor
SQL Server 2005 Standard as Subscriber
The connection is via the Internet with snapshots using FTP.
I setup the first set (2 databases at location A). They work wonderfully. I created the publication and then subscribed using MGMT Studio for 2K5.
II am setting up the same scenario for location B. Here is my problem:
In MGMT Studio I connect to the publisher (SANDRA). I right-click a publication and choose New Subscriptions..., the publication is already selected. I click next - Run each agent at its Subscriber is selected and the only option (this is desired), I click Next
HERE IS THE PROBLEM:
On the Subscriber's screen there are no Subscribers listed. When setting up location A the subscribing server was listed and I could choose a database. The Next button is greyed out and there is no way to create/add one.
I tried setting up the subscription by right-clicking the subcribing server's Replication folder in MGMT Studio but I get the same result (except that I have to authenticate with the publishing server which works fine).
WHAT'S DIFFERENT:
Location A is SQL Server Standard (SP3) running on SBS2K3. It is obviously on a domain and so SQL Server and the SQL Agent are running under domain accounts. Location B is a Windows XP SP2 machine running SQL Server Personal Edition (it actually says Development Edition in the properties window).
The databases are the same strucutre, different data. At location A the firewall is set to allow 1433->*any* and *any*->1433 where *any* is 1024 or higher. On the XP machine the firewall is set to allow port 1433. I don't think this is the issue because I've turned the firewall off on the XP machine and I get the same result.
ANY IDEAS?
View 5 Replies
View Related
Jan 19, 2007
Most of our sql servers ar still sql 2000. Our programmers created many sql 2000 database diagrams using EM. But they can not access them under sql 2005. (They now have only sql 2005 tools installed on their boxes.)
Question: can we reinstall the sql 2000 client tools on their boxes without affecting the current sql 2005 install on their boxes?
Question: is there any workaround negating the need to ihstall the sql 2000 client?
TIA,
barkingdog
View 1 Replies
View Related
Jul 23, 2005
What does the "[dbo]." mean in the following sql script stmts?use [IBuyAdventure]GOif exists (select * from dbo.sysobjects whereid = object_id(N'[dbo].[Accounts]')and OBJECTPROPERTY(id,N'IsUserTable') = 1)drop table [dbo].[Accounts]GOand if you please, what does the "N" in N'IsUserTable' mean?thanks,-Steve
View 2 Replies
View Related
Aug 2, 2000
Can anyone tell me the purpose to using service accounts in SQL Server rather than just having the services start as a system account.
Thanks
John Shurer
john.shurer@gte.net
View 2 Replies
View Related
Mar 1, 2001
Hi,
How can i code a SQL statement that will return the top 20 accounts from a huge client table?
Thanks
View 1 Replies
View Related
Jan 26, 2012
I am setting up Replication and have a question about what's considered best practice for the accounts that will be running the replication agents. Microsoft says, "Run each replication agent under a different Windows account, and use Windows Authentication for all replication agent connections." What they don't say is whether these accounts are local accounts or domain accounts.
Which should I use/create, domain accounts or local accounts?
View 1 Replies
View Related
Jun 18, 2008
The following error keeps being reported in the Domain Controller Logs:
"There are multiple accounts with name MSSQLSvc/....."
View 1 Replies
View Related
Jan 26, 2007
Im pretty new to DBA world
We have a SQL2005 Standard setup with mirror and witness
I create a Database in the Principle, create a SQLLogon account and give it permission to the database. All works.
I then fail the databse over to SQL2 and the database is there, it has the SQLAccount I create at the database level, but a logon does not work. I notice there is not login account at the database level and If I attempt to create one, I am told there is one already. I try to assign permission to that account for the database and it again replys that there is already on.
Is this refered to as an orphaned logon?
I was a post on Moving logins from on server to another, is that what I must do?
THank you
View 7 Replies
View Related
Sep 15, 2000
When creating a login account, it is associated with a default database.
Is it then necessary to grantdbaccess to the default database?
View 1 Replies
View Related
Jun 7, 2005
I just had a question,
Is it possible to have a different account for the accoutn that starts the MSSQLServer service and the account tied to the Mail profile on the server?
We had created an account to start the SQLServer but we are in a network where we have a 1 way trust with another domain, we trust them but they dont trust us, and our exchange is on their domain.
WE currently use Windows authentication so our account used to start SQL Server would not be trusted by exchange.
Our thoughts on a solution were to have them create a service account that we would have access to the mailbox and would also start the SQL Server but thats it.
I was just wondering if anyone else had any other suggestions.
Thanks.
View 1 Replies
View Related
Jan 17, 2005
Hi,
how do you create a username and password for a database in SQL.
Thanks
View 3 Replies
View Related
Aug 18, 2006
Hi Everyone. I have 150 SQL servers (2000 MSDE). They all run using various domain accounts as their service logins. Is there an automated way to find out those service logins? Maybe a query I could run on each server? I really do not want to go to each of those 150 servers and look at their properties manualy! :S Any help would be greatly appreciated! Thank you.
View 6 Replies
View Related
Aug 9, 2013
I have 3 tables
CREATE TABLE [dbo].[ACCT_MASTER](
[POLICY_YEAR] [char](4) NULL,
[GL_ACCOUNT] [nvarchar](8) NULL,
[GL_ACCT_DESCRIPTION] [nvarchar](100) NULL,
[GL_ACCT_LINE_NUM] [int] NULL,
[GL_NUM_LINE_NUM] [int] NULL,
[GENERAL] [int] NULL,
[Code] ....
ACCT_MASTER HISTORY Dates
Gl_ACCOUNT yearGL_NUMBER Perid
12345-00 201312345-00-20131304
67890-00 201067890-00-20101305
54321-08 201354321-00-20131304
.
.
Total of 3640 accounts
I can't figure out how to display all 3640 accounts. If there is no match in HISTORY table for this period display 0 for the calculations but display Gl_ACCOUNT + year.
12345-00-2013
67890-00-2010 0
54321-00-2013
All 3640 rows here
My code shows only 3469 records.
select M.GL_ACCOUNT +'-'+ isnull(policy_year, '0000')NewGL, isNull (SUM(PRIOR_VDIFFPRIOR), 0)as [PriorEndOfMont],
ISNULL(sum(CURR_VDIFFPRIOR),0) as [CurrentEndOfmonth] ,
isnull (SUM (PRIOR_VDIFFPRIOR),0) - isnull (sum(CURR_VDIFFPRIOR),0) as Difference
from GL_ACCT_MASTER m
left outer join SUMMARY s on M.GL_ACCOUNT +'-'+ isnull(policy_year, '0000') = s.GL_NUMBER
group by GL_NUMBER,M.GL_ACCOUNT +'-'+ isnull(policy_year, '0000')order by GL_NUMBER,M.GL_ACCOUNT +'-'+ isnull(policy_year, '0000')
View 3 Replies
View Related
Feb 17, 2004
Is it possible to write a T-SQL scripts to change the accounts that run the SQLExec service and the SQL Agent service? If so how?
View 7 Replies
View Related
Jun 12, 2007
I have a SQL2005 in a cluster environment, for some reason the only way that user accounts can login to either the database or SSMS is to grant them the SysAdmin role. This access is a little to high for my liking and am wondering if anyone else has come across this before.
Thank you
View 15 Replies
View Related
Jan 22, 2008
I don't understand why this subquery doesn't work. If I replace the subquery with a View it works. I am trying to determine the number of "active accounts" in a group of transactions during December. What am I missing?
SELECT salesrun_id, Count(account_id) FROM
(SELECT salesrun_id, account_id FROM Trades t
WHERE t.date > '2007-12-01'
GROUP BY t.salesrun_id, t.account_id)
Msg 102, Level 15, State 1, Line 4
Incorrect syntax near ')'.
View 2 Replies
View Related
Dec 12, 2006
I've just been looking at a new 2005 install and found 3 logins:SERV1SQLServer2005SQLAgentUser$SERV1$MSSQLSERVERSERV1SQLServer2005MSSQLUser$SERV1$MSSQLSERVERSERV1SQLServer2005MSFTEUser$SERV1$MSSQLSERVERAre these logins created during the install of SQLServer2005 by defaultand what are they used for ? Can they be deleted safely ? If they arerequired, can the names be set during install to something else ?TIALaurence Breeze
View 4 Replies
View Related
