SQL 2005 Login With Windows Accounts
Dec 19, 2006
Hello,
I'm having a problem using Windows Accounts to login to a SQL 2005 Server.
Here is my setup. The SQL server and web server are separate machines. I'm also not developing directly on the web server.
SQL Server
- Windows 2003 Server
- SQL 2005
- Set to use SQL and Windows Authentication
Web Server
- Windows 2003 Server
- IIS 6.0
- Anonymous Authentication is disabled
- Integrated Windows Authentication is enabled
Application web.config:
<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<appSettings>
<add key="ETR_Environment" value="Dev"/>
</appSettings>
<connectionStrings>
<add connectionString="Data Source=sql-dev-server, 1179;Initial Catalog=ENV_ETR;Integrated Security=SSPI;" name="ETR_Dev"/>
<add connectionString="" name="ETR_Prod"/>
</connectionStrings>
<system.web>
<compilation debug="true" strict="false" explicit="true"/>
<pages>
<namespaces>
<clear/>
<add namespace="System"/>
<add namespace="System.Collections"/>
<add namespace="System.Collections.Specialized"/>
<add namespace="System.Configuration"/>
<add namespace="System.Text"/>
<add namespace="System.Text.RegularExpressions"/>
<add namespace="System.Web"/>
<add namespace="System.Web.Caching"/>
<add namespace="System.Web.SessionState"/>
<add namespace="System.Web.Security"/>
<add namespace="System.Web.Profile"/>
<add namespace="System.Web.UI"/>
<add namespace="System.Web.UI.WebControls"/>
<add namespace="System.Web.UI.WebControls.WebParts"/>
<add namespace="System.Web.UI.HtmlControls"/>
</namespaces>
</pages>
<authentication mode="Windows"></authentication>
<customErrors mode="Off"></customErrors>
<authorization>
<allow users="XXX\William.Klein"/>
<deny users="*"/>
</authorization>
</system.web>
</configuration>
The reason why I want to use the windows login to connect to the database is the application needs to keep track of who did what when entering and updating data but still keep them using their windows login accounts. So using a generic account will not work.
What keeps happening is I keep getting this error when trying to connect to the database: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. I've tried this on two web servers; on another I get something slightly different: Login failed for user 'XXX\Web-Server$'.
Anybody able to give me any suggestions on how to fix this?
Aug 12, 2015
We are seeing login failures for windows accounts. Below is the error message.
Description: In our env most logins are windows accounts. Initially we thought it is an UAC issue and we tried to launch the SSMS using "Run as Administrator". However, we are seeing login failures.
Environment:
Microsoft SQL Server 2014 - 12.0.2402.0 (X64)
RTM Enterprise Edition (HyperVisor)
Error Message in Error Log :
2015-08-10 22:36:45.290 Logon       Error: 18456, Severity: 14, State: 11.
2015-08-10 22:36:45.290 Logon       Login failed for user 'domainloginname'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 10.xxx.xxx.xxx]
2015-08-10 22:41:23.470 Logon       Error: 18456, Severity: 14, State: 11.
2015-08-10 22:41:23.470 Logon       Login failed for user 'domainloginname'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 10.xxx.xxx.xxx]
Troubleshooting done:
- Recreated the windows login in sql server. Doesn't work.
- Ran sp_validatelogins. It doesn't return any rows.
- I belong to the sysadmin role, and when I run the below, I get the error message below.
xp_logininfo 'domainloginname'
/*
Msg 15404, Level 16, State 19, Procedure xp_logininfo, Line 64
Could not obtain information about Windows NT group/user 'domainloginname', error code 0x5.
*/
We tried dropping this account and re-creating the windows account with same permissions but still the result is the same. It throws the same error message. Login failure message !!!
May 15, 2008
This may be an idiotic question:
I am attempting to use Visual Web Developer Express with a connection to a SQL Express db from a non-admin account on my XP Pro SP2 machine.
I can do everything in the app under an admin login, but can't seem to configure the db to allow the non-admin account access to the db. I've tried tweaking WMI, using Network Service, Local Service, and Local System with NT AUTHORITY, individual logins, and group permissions, but I'm stuck.
Any thoughts?
Jan 18, 2008
I'm attempting to write a script that I can execute across 30 servers that will create a domain login and subsequently grant access to said account on all databases per server. The only problem that I'm running into is trying to dynamically create the login. Example source is below.
declare @sql varchar(1000)
declare @loginname varchar(50)
select @loginname = 'DOMAINaccountname'
set @sql = 'if not exists (select * from master.dbo.syslogins where name = N' + char(39) + 'DOMAINaccountname' + char(39) + ')' + char(10) + char(13)
set @sql = @sql + 'begin ' + char(10) + char(13)
set @sql = @sql + char(9) + 'exec master.dbo.sp_grantlogin ' + quotename(@loginname)
print @sql
exec (@sql)
Here is the generated output and the error. Any suggestions would be appreciated.
if not exists (select * from master.dbo.syslogins where name = N'DOMAINaccountname')
begin
exec master.dbo.sp_grantlogin [DOMAINaccountname]
Msg 102, Level 15, State 1, Line 3
Incorrect syntax near 'DOMAINaccountname'.
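Added example (not from the post or its replies): the generated batch above opens a `begin` that is never closed, and the login name does not need to be spliced into a string at all. The sketch below passes the variable as the procedure parameter and then grants database access in each user database; `DOMAIN\accountname` is the post's placeholder written with its backslash, and skipping the four system databases is an assumption.

```sql
-- Added example, not the poster's script.
DECLARE @loginname sysname;
SET @loginname = N'DOMAIN\accountname';   -- placeholder from the post

-- Server level: no dynamic SQL, so there is nothing to quote or escape.
IF NOT EXISTS (SELECT * FROM master.dbo.syslogins WHERE name = @loginname)
BEGIN
    EXEC master.dbo.sp_grantlogin @loginame = @loginname;
END

-- Database level: the database name is the only part that must be
-- concatenated, so it goes through QUOTENAME; the login stays a parameter.
DECLARE @db sysname, @sql nvarchar(4000);

DECLARE db_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM master.dbo.sysdatabases
    WHERE name NOT IN (N'master', N'model', N'msdb', N'tempdb')  -- assumption
      AND DATABASEPROPERTYEX(name, 'Status') = 'ONLINE';

OPEN db_cur;
FETCH NEXT FROM db_cur INTO @db;

WHILE @@FETCH_STATUS = 0
BEGIN
    SET @sql = N'USE ' + QUOTENAME(@db) + N';
IF NOT EXISTS (SELECT * FROM dbo.sysusers WHERE name = @login)
    EXEC sp_grantdbaccess @loginame = @login;';

    EXEC sp_executesql @sql, N'@login sysname', @login = @loginname;

    FETCH NEXT FROM db_cur INTO @db;
END

CLOSE db_cur;
DEALLOCATE db_cur;
```

Granting database access only makes the account a user in each database; role membership or object permissions still have to be assigned separately.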
Apr 16, 2008
Hello all,
I have 2 networked PC's both running vista ultimate
1st is Laptop and is running its own SQL Server at laptoplaptopSQL
2nd is Desktop and is running its own SQL Server at desktopdesktopSQL
Now both machines have separate windows login accounts.
When I go to SQL Server management studio I go to browse and each machine can see the other machine's SQL Server, but when I go to login I get SQL Login failed for users "The user is not associated with a trusted SQL server connection".
So I then go to logins new login and try to add my other pc's user account.
The problem I see is that when I go to search and then location it only shows its own PC's location and not the location of my other networked pc? So if I am on Desktop and in my theory want to add laptopuser to the desktop SQL Server logins I get:
"create failed for login laptopuser
An exception occurred while executing Transact SQL statement laptopuser is not a valid windows NT name. give the complete name
Not sure on where to go from here.
Any help would be great
Sep 15, 2000
When creating a login account, it is associated with a default database.
Is it then necessary to grantdbaccess to the default database?
Jun 12, 2007
I have a SQL2005 in a cluster environment, for some reason the only way that user accounts can login to either the database or SSMS is to grant them the SysAdmin role. This access is a little too high for my liking and am wondering if anyone else has come across this before.
Thank you
May 16, 2008
Hi,
We have just created a new Windows 2008 server running SQL 2005 64 bit. I am in the process of migrating old SQL 2000 databases onto this new server. One of the databases required a SQL login for some Windows groups that get created from the SMS software. I'm having a problem when I go in to create a new login, select object type Groups, from this location, I enter the object name and click Check Names and it finds it. I select okay and everything looks good. But when I click ok on the New Login screen, I get the 15401 error saying that Windows NT user or group not found. I have gone into the Server Manager - Groups and verified that the group exists, and it does. The only thing I see when I click properties is on the bottom right-hand side of the screen it says "Changes to a user's group membership are not effective until the next time the user logs on." It says this for all the groups on this server and I get the same error message when I try to add any group. I have had the user that is a member of this group log off and back on a few times, but it still says the same thing and I still get the same error.
Anyone have any ideas on what the problem might be? Is there something on the Windows 2008 server setup that we missed?
Thanks,
Isabelle
Apr 8, 2007
I am no DBA, but this is my task.
I have an SQL Server 2000 Database that has an "SQL Account" that has execute permission on all Stored procedures. It is what was used by the company. This one account is used by "all workstations".
I want to fix this and use Windows Accounts, and get rid of that SQL Account. How do I go about adding that Windows Account permission to all the Stored Procedures?
What I want to do is to just add several windows accounts then go about removing the permission where necessary on an account by account basis.
Any suggestions would be greatly appreciated!
Dec 21, 2000
Is it possible to rename a SQL Login or User account?
Jan 4, 2006
Hi, Happy New Year!
I have been struggling with this problem for a while with SQL 2005. I have never had such login problem with SQL 2000. Here is the scenario:
I have installed SQL2005 standard version on a XP Pro box and I am trying to access it from another XP Pro machine. I can access it using a SQL user name and password that I set up on the server, but I have not had luck with using Windows NT Integrated security. When I try to connect to it (e.g. by a UDL file), I get an error saying Login failed for user 'HP-AMD64\Guest' where 'HP-AMD64' is the name of the PC running the SQL 2005. I can access the files on the machine without any problem. I do not understand why it uses 'Guest' that is not what I use to log on my machine. Does anyone have any clue to offer me?
Thank you in advance!
h
Aug 29, 2007
Hi all,
I would like to ONLY allow using SQL Server authentication and restrict Windows Authentication. At the moment, I set the security to "SQL server and windows authentication". Now, even though I set the password for "sa", I can ignore the SQL Server authentication and just use Windows authentication to manipulate database objects???
Can anybody give some suggestions to restrict windows authentication and allow sql server authentication?
Thanks in Advance
Best Regards
Ihsan
Feb 12, 2008
In a previous thread, I got some help from you all in figuring out how to deploy a per-machine desktop application and database so that it would be available to all Windows accounts on the machine. Basically the advice was to create an SQL user for the database with the BUILTIN\Users login which had the necessary privileges for connection.
I have tried this approach, but I am still having problems with connections for unprivileged users. I have given the database user the role of db_Owner as well as other roles, but it seems to make little difference. I have been trying the deployment on several machines running XP, and I get several different responses. But primarily I get the "CREATE DATABASE permission denied in database 'master'" error. All of these computers seem to have the same database user level permissions, but obviously there must be differences somewhere. That worries me from a deployment standpoint.
I don't want to make any changes at the server level login properties for BUILTIN\Users, but I have experimented with changing these, and I've found that giving sysadmin privileges to BUILTIN\Users works great. But I doubt that anybody would be very happy with that solution.
I'm confused about the "Create Database" message, because I'm not explicitly creating any database at application startup time. It also seems like this might be an attachment problem, but I'm not sure about anything. Is there really an attachment and detachment of the Express database every time the application is run?
So my bottom line questions are:
Which database level privileges do I need to give to my SQL user with BUILTIN\Users login so that any Windows account can connect and write to the database?
Can I accomplish this goal without changing any server level privileges for the BUILTIN\Users login?
Thank you.
Jun 22, 2007
Hi,
I recently installed an evaluation copy of SQL Server 2005 Enterprise Edition on my local machine and during the installation I used Local System system account for the SQL Server service and set the server to use Mixed Mode authentication.
I am able to connect to this local server Database Engine with my Windows login through SQL Server Management Studio and am able to perform sysadmin tasks. My question is why?
My thinking was that even though my Windows login would provide me a connection to the server, I would still have to manually add this login to the sysadmin server roles but after checking the sysadmin role, my Windows login isn't in there. The Windows login is not found under Security - Logins in SSMS either.
Can someone tell me should details for the login be visible on the server and why it seems to have sysadmin permissions ?
Thanks
Feb 29, 2008
Hi Folks
SQL2k on NT4 Domain
I have a UserDB on SvrA - Access to UserDB is via a DomainGroup and is assigned db_owner role. UserDB executes a local SP which in turn executes a remote SP on SvrB via a Linked Server. The Linked Server Login Security is via mapping to a remote account which has db_owner on the remote DB.
I would like to:
a) stop ALL users on SvrA from being able to use this linked server
b) tightly restrict permissions of the remote account to the remote db
Is it possible to MAP the above local server login to a remote server login, as the local login is via a domain group? I cannot significantly alter UserDB's current Login Security.
I'm also worried that another system/db is utilizing this Link (legally) but I'm not allowed on the production box to monitor it (Hhrummphh - but unfortunately I have the job of providing scripts to tighten security :rolleyes:) - hence the preference for mapping local to remote users.
I'm sorry I'm not well versed in SQL Security & this is only a central part of my bigger security job (involving horrible RPC's, dynamic SQL, heterogeneous joins, double hops, delegation etc).
Any help appreciated
GW
Dec 20, 2000
I have just started using SQL server 7 and am having problems with accounts, permissions, users, roles, groups, owners etc. What are the differences?
May 24, 2015
I am just wondering if I can control the access of a range of variables from users' logins.
To be more specific, if a parameter alpha has five values (1,2,3,4,5) and then I have 3 users A, B, C, what I need is:
1. A can access Values (1, 3)
2. B can access Values (2, 4)
3. C can access Values (3, 5)
Is there any way I can do this either from the stored procedure I am getting the data from or on the SSIS development side?
Aug 12, 2015
I cannot get a consistent answer as to how many domain accounts would be suggested in a SQL Server 2014 installation. Previously the recommendation was a separate account for each service to provide isolation and minimum permissions for each account. It seems from what I've read that a single domain account would have something added to make it unique from SQL Server's perspective. Several still advocate multiple accounts. I don't know if they are doing so because that's the way it's always been done or if there is still some compelling reason to do so. I don't want to create unnecessary accounts simply because something is "ideal."
Jul 23, 2015
Do we still need the below service accounts in SQL 2008+ version even if we have proper SQL service accounts added in the logins?
[NT AUTHORITY\SYSTEM]
[NT Service\MSSQLSERVER]
[NT SERVICE\ReportServer]
[NT SERVICE\SQLSERVERAGENT]
[NT SERVICE\SQLWriter]
[NT SERVICE\Winmgmt]
Jul 9, 2015
I am currently hardening our SQL 2012 (with AlwaysOn Availability Groups) environment. Both the SQL service and agent account are using service accounts (only domain user). SQL browser service is disabled. Permissions to all roles are handled by using domain groups.
Currently a lot of (default) NT Service accounts are listed (some with sysadmin privileges). Are there accounts that can be removed?
Jul 26, 2006
We are in the midst of a SQL project that also includes tightening the locking down of our SQL Servers. We generally remove certain accounts from security such as Built-in\Administrators. On SQL 2000, this is pretty straightforward. However SQL 2005 adds a few new accounts that we must take into account.
Once we load SQL 2005, NT AUTHORITY\NETWORK SERVICE, NT AUTHORITY\SYSTEM, <servername>\SQLServer2005MSFTEUSER$<servername>$<instancename> now appear. Although they are not in any obvious server roles or have access to any databases. I also noticed these accounts are denied permissions to connect to the database engine although the login is enabled.
In addition, there are a number of Local Windows groups that were added. There are additional groups added for the purpose of taking advantage of certain SQL Features (full text, integration service, etc).
The question is what is the harm in removing these accounts from SQL? From Windows? Although we are not using these services now, I installed them when I set up the server. Will removing these services also remove these accounts?
Thanks
Akinja Richards
Apr 26, 2015
Oracle and Teradata are able to capture the windows/client login that connects to their database with a functional ID. I've searched around and I don't think MS SQL can do this... I administer SQL 2014 server and also the SAS Enterprise guide product. I've created sql server logins for several teams so everyone shares the same sql server login which is used to bind the SAS library to my SQL server database.
However, when looking at activity monitor, I can't drill down to which user is executing a particular query. I only see the SQL login which is shared amongst 200 other folks. On the other hand, when they connect from SAS to Oracle or Teradata, I can see the shared login + additionally their windows NT login used to connect to SAS which is awesome.... they can't fool me by using a shared/functional ID.... I still see who's using that ID...
Nov 21, 2007
I have been reading through many postings here, through the MS SQL Server Unleashed book by SAMS, the MS SQL Tech article "Failover clustering for Microsoft SQL Server 2005 and SQL Server 2005 Analysis Services" for installing a brand new SQL 2005 2 node cluster.
So far I have not found the definitive answer that I am looking for and that is, what rights does the SQL service account need to work properly? One article states that it needs both Domain Admin permissions and local admin permissions (and this is a domain account by the way) and then another article states that it only needs domain users group permissions and the least amount of privileges possible.
Can anyone please tell me what is correct for installation and running the server? The more I read about this the more confused I get.
Please be patient as I am brand new to SQL.
Thank you very much!
Jul 12, 2006
Hi There
Currently we run a certain instance and agent under local system on a server.
I want to create specific domain accounts for the sql server service and agent, now I know that one should create these accounts with the least privilege for security reasons.
I cannot find the topic in BOL, can someone please give me the BOL topic or a link to exactly what the least privilege is for the domain accounts for sql server services.
Thanx
Apr 6, 2006
Hi all,
After working for weeks on a project in VB.Net, I decided to deploy a test version on a user's computer.
The user's XP SP2 computer has sql server xpress 2005 installed, and my VB.net creation. Everything works without problem when the user's XP account is set with Administrator permissions. But when I change the user account to Limited, the program fails with the following message:
"Failed to generate a user instance of SQL server due to a failure in starting the process for the user instance. The connection will be closed."
The connection string I'm using is: "Data Source=.\SQLEXPRESS;AttachDbFilename="|DataDirectory|\DbTrial1.mdf";Integrated Security=True;User Instance=True;Connect Timeout=30"
Is there a workaround to get access for XP users with limited accounts?
Many thanks :)
p.s. already tried changing in the connection string to "User Instance=False", but then I get the error "An attempt to attach an auto-named database..... failed.. etc"
And I've already tried the most common suggestion to delete the "SQLEXPRESS" folder in local settings\application data... but that doesn't do anything either :(
Jan 19, 2007
Greetings,
One of the DBs on my mssql server should ask for a login and password to change content. The content/DB is access via web page. Any suggestions as to why it has suddenly stopped challenging the user for login? I checked the services and all the necessary ones seems to be running.:confused:
Thanks in advance.
spdunne
Mar 26, 2008
Hallo there,
I just upgraded from Windows XP Pro to Windows Vista Business and tried to reinstall SQL Server 2005 Developers Edition. After the installation I downloaded (using microsoft windows update) and installed all the service packs for sql and vista available.
My problem is when I open sql server management studio and try to connect to my default instance using windows authentication and database engine, an 18456 error occurs.
I enabled all the protocols and all the ports
I disabled windows firewall and antivirus (eset nod32)
I installed all service packs available
I have also installed Visual Studio 2005 without installing sqlexpress
But nothing happens!
Please, I am very desperate, any information will be gratefully accepted.
This is my installation Information
Code Snippet
Microsoft SQL Server Management Studio 9.00.3042.00
Microsoft Analysis Services Client Tools 2005.090.3042.00
Microsoft Data Access Components (MDAC) 6.0.6001.18000 (longhorn_rtm.080118-1840)
Microsoft MSXML 3.0 5.0 6.0
Microsoft Internet Explorer 7.0.6001.18000
Microsoft .NET Framework 2.0.50727.1434
Operating System 6.0.6001
Thank you in advance,
Patonios
Jun 22, 2007
I've got a Windows login, which I cannot drop. I have checked about everything I can think of and can't find a connection to this user. Is there a script which anyone has which will list all objects referencing this user? SQL 2005 ENT x64. It's a windows domain user.
Feb 18, 2002
Hi,
I have created a Windows user login and have granted it the appropriate roles (including a revoke).
As a test I also created a standard user and gave it the same roles as above.
When I run a query against the revoked table, the results are unexpected.
The Windows user can run the query, and the standard user gets a permissions error (which is what i expect).
Does anyone have any ideas as to what is happening here? I am still confused.... Does it have anything to do with the public permission that must be granted?
Thanks
Sep 26, 2002
Hi
My platform is mainly windows nt4 server with two windows 2000 member servers. We recently acquired a higher spec machine to replace the old sql 7 server that is on windows NT4 box. The new server is a windows 2000 box and I have installed sql 7 on it.
The problem is when I try to create a new login it does not give me the option to select my domain. When I select new login and go for windows nt4 authentication the drop arrow for Domain only has the server name and not the domain name. If I manually input the domain name it rejects it.
I do not have Active Directory or a local dns server running on my network as we have no intention of migrating to Win2000 until next year. Our internet service provider handles our dns issues.
Is it not possible to install sql7 on win2k box.
Thanks
Eve
Apr 28, 2008
Is it possible for me to login using windows login information that is separate from my current windows login? That is to say, can I login to a SQL server using windows authentication but actually specify the login and domain information? I would like to login to a SQL server from a computer that is not part of the domain using my windows credentials and not a SQL user name.
Jan 16, 2007
Is it possible to create a windows authentication login for each of the computers on my network that will connect to sql server. I am developing a program that will be installed on multiple computers and we do not want to actually have to log in to sql server since we will have to log in to the server before opening the program and we dont want to have 2 logins. I would like to use windows authentication so that I do not have to program multiple connection strings in my program so that if more than 1 person accesses the database at the same time it will not cause a problem with using the same login. Is this possible and if so how would I go about setting up the logins. I am using SQL Server 2005 and XP SP2
Jul 20, 2005
Hello,
I am putting together a row level security plan for our sales database. I will give a brief description of the method I am thinking of using to give you an idea of how I will need to be able to discover the group or login the user is using to access the data.
I have a table called salesfact, it has all the sales info for all the branches of our company. Each order (row) that is inserted has an entry in the division_number column to describe which branch the order belongs to. I have created another table (Branch_Folks) that has four columns: username, windows_group, SQL_Login and division_number.
I am using a view and SQL logins to control access to the data based on the user, the SQL logins give windows groups access to the view. Only users that are added to the specific branch groups will have access to the logins, but if a user is added to the group without me being notified, then he will not have a corresponding entry in the Branch_Folks table. Currently I am using the SUSER_SNAME() function to determine which user is accessing the data from the view that I have created. The view uses this select statement to filter the data based on the user & division.
Select * from tsalesfact A, Branch_Folks B where SUSER_SNAME() = B.username and A.division_number = b.division_number
This method works fine, but I will have to manually maintain the user list in the Branch_Folks table in case a new user joins the windows branch group. I would like to use a function similar to SUSER_SNAME() that can determine the windows group or SQL Login a user is using.
Does anyone know of a way to do this??
Thanks a ton,
Tim
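Added example (not from the post): one way to filter rows by Windows group membership rather than a per-user list, using the built-in IS_MEMBER() function against the post's Branch_Folks.windows_group column. The view name is hypothetical, and the sketch assumes windows_group holds names in DOMAIN\group form and that callers connect with Windows authentication.

```sql
-- Added example, not the poster's view. dbo.vSalesFact_ByBranch is a
-- hypothetical name; tsalesfact and Branch_Folks are the post's tables.
CREATE VIEW dbo.vSalesFact_ByBranch
AS
SELECT A.*
FROM dbo.tsalesfact AS A
WHERE EXISTS (
    SELECT 1
    FROM dbo.Branch_Folks AS B
    WHERE B.division_number = A.division_number
      AND (
            -- existing per-user mapping from the post
            B.username = SUSER_SNAME()
            -- group mapping: true for any member of the listed Windows
            -- group, so new group members need no row of their own
         OR IS_MEMBER(B.windows_group) = 1
      )
);
```

IS_MEMBER() returns NULL for a group name it cannot resolve and for connections without a Windows token, so the `= 1` comparison fails closed and such callers see no rows through the group branch. The filter only holds if users are granted SELECT on the view and not on tsalesfact itself.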