SQL Security :: Adding A Windows Login Did Not Permit Access To End User Databases
Oct 24, 2015
Deleting a Login from a server instance and adding it back did not show that the login was still mapped to databases. In SQL Server 2008, adding a Windows Login did not permit access to end user databases until the Windows Login was mapped to various databases. In SQL Server 2012, once a Windows Login is added to SQL Server Security, it may access ANY end user databaseWe use the following to circumvent this problem, Windows Login by Windows Login: DENY VIEW ANY DATABASE TO [TESTTest1]
I am trying to connect SQL database through code but I get this error,I have spent days to solve it but unfortunately I couldn't...Here is my code in VB express(OP:windows 2000 with SP4)I am new to VB,so it makes the situation more difficult for me.
my code is:
Public Class Form1
Private Sub Form1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Dim conn1 As SqlConnection = _
New SqlConnection("Data Source=.SQLEXPRESS;" & _
"Integrated Security=SSPI;" & _
"database=deneme3_database;")
'Open connection
conn1.Open()
MessageBox.Show("Connection succeeded.")
'Close connection
conn1.Close()
MessageBox.Show("Connection closed.")
End Sub
The error message is,it is in german but it is clear I guess:)
" Die von der Anmeldung angeforderte "deneme3_database"-Datenbank kann nicht geöffnet werden. Fehler bei der Anmeldung. Fehler bei der Anmeldung für den Benutzer 'ADPLANatalay'. "
If we have a "pool" SQL login, a one that uses SQL Server authentication, and this login is used by different domain account to access SQL Server, is there a way to audit which domain account used that "pool" login to do something on a object in SQL Server? I have to keep this way of accessing SQL Server, so how to create a login for every domain account accesses SQL Server
I have to give three users read access to a database.  My manager told me to map them to a User called "zxDatabase.Read.ug". I scripted the User and got this...
I don't see a Login at the server level named zxDatabase.Read.ug, so this is confusing. Where is this login in SSMS?
How do I map my three users to user zxDatabase.Read.ug. Or am I not understanding correctly? Do I just add there windows login to the database as Users and configure them the same as zxDatabase.Read.ug
We are looking at developing an SQL Server 2005 Database and I would like to use Windows Authentication rather than SQL Server Authentication to connect our client app.
In our development environment, we have two Servers, one being used as a file server and the other as an SQL Server. We have now set up a domain using the file server as the domain controller. (We had previously been set up to use a workgroup).
I have set up an active directory group called SqlDevelopers and added an active directory user called Jonathan to it.
On the SQL Sever, in management studio, I have set up a new server login which uses windows authentication called DomainSqlDevelopers. I used the GUI to verify I could see the domain and the group.
The default database is set to a test database on the server. A user in the test database is mapped to the DomainSqlDevelopers and given the Roles dbo, db_datareader, db_datawriter.
To test the log in, on the server, I logged out as administrator and in as Jonathan. I could successfully access the server through management studio using windows authentication.
However, if I log in as Jonathan on my client PC and try to access the SQL Server using management studio and windows authentication, I have problems.
The first time I try I will get a timeout error. If I try again will get either:
Login failed for user ''. The user is not associated with a trusted SQL Server connection
Or
Cannot generate SSPI context
I can€™t determine any pattern to which of the above errors I get.
However, if I log in as administrator on my client PC, I can connect to the server using management studio and windows authentication.
Sounds like Active Directory/Domain or other Network issue (Not really my area). I would be grateful for any help.
We are seeing login failures for windows accounts. Below is the error message.
Description:Â In our env most logins are windows accounts. Initially we thought it is an UAC issue and we tried to launch the SSMS using "Run as Administrator". However, we are seeing login failures.
Enviroment: Microsoft SQL Server 2014 - 12.0.2402.0 (X64) RTM Enterprise Edition (HyperVisor)
Error Message in Error Log :
2015-08-10 22:36:45.290 Logon       Error: 18456, Severity: 14, State: 11. 2015-08-10 22:36:45.290 Logon       Login failed for user 'domainloginname'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 10.xxx.xxx.xxx] 2015-08-10 22:41:23.470 Logon       Error: 18456, Severity: 14, State: 11. 2015-08-10 22:41:23.470 Logon       Login failed for user 'domainloginname'. Reason: Token-based server access validation failed with an infrastructure error. Check for previous errors. [CLIENT: 10.xxx.xxx.xxx]
Troubleshooting done: - Recreated the windows login in sql server. Doesn't work. - ran sp_valdidatelogins. it doesn't return any rows. - I belong to sysadmin role and when I say, getting below error message.
xp_logininfo 'domainloginname' /* Msg 15404, Level 16, State 19, Procedure xp_logininfo, Line 64 Could not obtain information about Windows NT group/user 'domainloginname', error code 0x5. */
We tried dropping this account and re-creating the windows account with same permissions but still result is same.It throws same error message. Login failure message !!!
In my DB (SQL 2012) one windows authentication is created automatically and a schema is created exactly automatically that this user is owner of this schema. (e.g the user is domainx and schema exactly domainx).
I created a DDL Trigger on my DB to find out who and how it is created , but I didn't get any useful information.
I change the owner of schema that I can delete the schema and after that delete the user, and sometimes because the user is owner of a service , I have to alter the owner of the service to DBO and delete the user , but again and again exactly this user and schema (e.g domaninx ) are created as soon as I delete it.
I have read these topics : [URL] .... and [URL] .... but can't solve my problem.
I have a test environment set up at home with a small windows server 2003 Active Directory domain. I created a windows security group on the dc and added myself and another user to the group. I then use this group as a login for SQL Server and add the login to the sysadmin server role. This works exactly as I would expect on the Windows Server computer (which is also the Domain Controller) regardless of which computer I use to connect to this Windows Server computer. However, when I set up the exact same login on the local sql server instance of my client laptop running windows xp pro, the I get an error message (Login failed for user MYDOMAINdgolds...) when I attempt to connect to the local instance of SQL server, even though I am able to connect to the instance on the domain controller with no problems using this same client laptop under the same user account. The only way I am able to connect locally on the laptop under this account (which does not have local admin privileges on any box, for testing purposes) is to add the user account separately as a login, rather than as part of a group. I'm curious as to why being a member of a security group that is part of the sysadmin server role does not allow me to connect to the local instance of SQL Server on this client laptop. The windows server computer is running SQL2k5 Enterprise, and the client laptop is running SQL2k5 developer. Any insight into this would be appreciated.
I have been struggling with this problem for a while with SQL 2005. I have never had such login problem with SQL 2000. Here is the scenario:
I have installed SQL2005 standard version on a XP Pro box and I am trying to access it from another XP Pro machine. I can access it using a SQL user name and password that I set up on the server, but I have not had luck with using Windows NT Integrated security. When I try to connect to it (e.g. by a UDL file), I get an error saying Login failed for user €˜HP-AMD64Guest€™ where €˜HP-AMD64€™ is the name of the PC running the SQL 2005. I can access the files on the machine without any problem. I do not understand why it uses €˜Guest€™ that is not what I use to log on my machine. Does anyone have any clue to offer me?
In Ms SQL 2000, I want to be able to share my database with another user butI only want them to be able to look at the database and not be able tochange anything.Does anyone know how I go about doing this?
Hi, I hv an application which is using ASP.net. The connectionstring in web.config is <appSettings> <add key = "constring" value = "Initial Catalog=mydatabase;Data Source=mypc-pc;User ID=User1; Password=password1"/> </appSettings>"
Then, i hv created a user in SQL Server 2000 which is User1. What should i put for the database role? db_owner or just db_datareader and db_datawriter?
I've got a java application that connects to a sql server 2000database.The application must access with total permissions to database but Idon't want that anybody can insert or delete data with the corporativeadministrator of sql server 2000.How can I lock the corporative administrator in order to not permitmanual manipulation but my application can work properly?Thanks!
Currently studying for 70-229.I'm trying to understand how security for users is managed in SQLServer. I've been using SQL Server for a few years now, but withoutinvestigating the bits that "just work".So, here's the scenario. This is more or less how I create all myapplications (which these days are all ASP.NET).I have a database called "TESTDB" (original, huh?)Now, I want to create a method for users to access this database, so Iopen EM, locate and expand the node for the server containing thedatabase, and open the "Security" node. Click on the "Logins" leaf,and in the pane right-click and select "New Login.."On the "General" tab I enter "TESTDBLOGIN" as the Name.Select "SQL Server Authentication", and put in a password.In the drop-down list of databases select "TESTDBLOGIN"Ignoring the "Server Roles" tab, I go to the "Database Access" tab andscroll down until I can see the "TESTDB" database. Check the "Permit"checkbox, and lo!, the "Database Roles for TESTDB" list is populated,with "public" already ticked. I check the "db_owner" box, and press"OK". It asks me to confirm the password, and once that's done there'sa new login called TESTDBLOGIN. What's more in "Users" leaf in the"TESTDB" database node there's a new user called "TESTDBLOGIN".All well and good. I can now create a connection using this login anddo more or less what I want in the TESTDB database.But.If I click the "Users" leaf in the "TESTDB" node, there are two users -"dbo" and "TESTDBLOGIN". If I right-click the "TESTDBLOGIN" user, Ican see that it has Database Role Memberships for the "public" and the"db_owner" roles. But if I examine the permissions on these two roles(by selecting the row, and then pressing the "Permissions" button) Ifind that there are permissions set for EITHER role - all the checkboxes are blank!So, how is it that I can do SELECT, UPDATE, INSERT and DELETEoperations via this login/user?Sorry it all took so long - I just wanted to get it right.ThanksEdward--The reading group's reading group:http://www.bookgroup.org.uk
We have a Web application that requires user authentication. We have a Login Page for user's to login and be authenticated. We also manage the user accounts using SQL Server Membership Provider. We created aLogin user in SQL Server and used this user's privileges to connect to SQL Server in our website's connection strings. Example, in our Web.config file, the connection string is:
<connectionStrings> Â <addname="MyConnectionString"connectionString="Server=MYSERVERNAMESQLSERVER2012;Initial Catalog=MyDatabase;User Id=TUser;Password=MyPassword"providerName="System.Data.SqlClient"/> </connectionStrings>
The problem now is when a user logs in, it's throwing an error that TUser's password has already expired. We did not enforce the password policy and expiration date for this user. So, I'm wondering why it's giving me this error.
Hi everyone, I have an instance with many databases in it. I am looking for the easiest way to see which of those databases a user has a login on. What is the most efficient way of doing this? Thanks, Anil
My company has a Windows 2008 R2 server which is running SQL Server v11.0.5058. Â This server was previously running SQL Server 2008 and was recently upgraded. Â Since the upgrade I have noticed that when I connect to this server using SSMS and Windows authentication it seems as though I have a limited user context as I cannot see SQL Agent in the server tree at all and underneath the server security > logins folder I can only see the sa and SQL Server Windows service accounts (there are many more).
If I connect to the server using SSMS and the sa credential then I can see everything I expect to be able to see as a sysadmin.
I tried connecting as sa, then deleting my Windows AD account from the security > logins folder and reading my Windows AD account with the sysadmin role however this yielded the same result, when I connect using Windows authentication I still appear to be in a limited user context.
We have several other SQL 2008 / 2012 servers within our organization and all of them appear to be working fine / none of them exhibit this problem.
HiI need to set security for row level but not based on Database user'slogin. It should be based on the user table login. For the particularuser I need to allow only the particular records to access insert,update delete and select.Let me explain clearlyFor example think we are using asp/asp.net websiteEg:www.test.comSo take this is our website and if you try this URL then you will get awindow for Login name and password.For example the Login name is windows user name (Here windows usermeans server windows user and not client) and windows password. So ifyou have login user id you can able to login in our site and we haveanother check. We have our own usertable this table consist all theuser login names and user rights. We will check the windows user whologin in our site has rights in the usertable I mean he is present inthe usertable if he is not present then we will display a message youhave no rights to access this site.If he has login id in our usertable then he allowed viewing ourpages. Still if he has the login id we will check the user who loginhas how much right to access to each page and the records of each tableits all depend on the user rights.So, here I need the row level security. For each and every table weneed to check the corresponding user and executing the record producelot of business logic problem for us.So after the user login we need automatically to set row levelsecurity for all the tables. Based on the user who login.So from there if we try select * from <tablename> then we can only ableto get the allowed records to select, insert, update, delete.Please can some one help how to solve this?Note:For some help you can refer the below URL (See in that they only givenabout the row level and column level security for each database usersnot for our required concept)http://www.microsoft.com/technet/pr...5/multisec.mspxThanks in advanceRams
Oracle and Teradata are able to capture the windows/client login that connects to their database with a functionnal ID.I've searched around and I don't think MS SQL can do this...I administer SQL 2014 server and also SAS Enterprise guide product. I've created sql server logins for several teams so everyone shares the same sql server login which is used to bind the SAS library to my SQL server database.
However, when looking at activity monitor, I can't drill down to which user is executing a particular query. I only see the SQL login which is share amongs 200 other folks.On the other hand, when they connect from SAS to Oracle or Teradata, I can see the shared login + additionally their windows NT login used to connect to SAS which is awesome....they can't fool me by using a shared/funcionnal ID....i still see who's using that ID...
I got a website using .Net v2.0.xxx and SQL Server Express 2005 in a Win2003 Domain Controller machine. Both website and SQLServer is running on the same machine. Website and SQLServer are configured to accept only Integrated Windows Authentication. Domain Users group is added in SQLServer logins list and given Read and Write access to the database used by the website. Also Domain Admins groups is added and given full permission to the same database.
I thought since website will run only with login details from Active Directory, SQL Server connection is also going to be validated against the same login details. But I felt I got the whole concept wrong when I received the error mentioned in subject line.
Can anyone please explain the best way to connect to database in above-mentioned context. Please remember that I need to implement different rights on the database for 'Domain Users' and 'Domain Admins' group. If there is a better approach than using these groups, lemme know please.
I'm in the process of creating a report to show employees and managers holiday and absence information. Is there a way of filtering the results of the report based on who is running the report, so that employees could only see their own information and managers could only see theirs and their subordinates information?
What I was hoping to do was create a lookup table which cross-references Windows logins with employee numbers and then use this information to pass a parameter to the SQL query, but I don't know how to retrieve the login from the machine being used to view the report.
I've heard about row level security and it seems ideal in theory but I fear the implimentation of row level security would be far beyond my meagre knowledge.
I have a client who would like to access his database via SQL Server Management Studio. I created a login for him. This login has access only to his database on the server (I set this up using the user mapping), the Securables has Connect to SQL checked (otherwise he won't see his database). When I test this login, he is able to see all the other databases on the server, though when he clicks on the ones he doesn't have access to, it will tell him that he can't access that database. He can access his database alright. My question is, can I hide all the other databases from him, and only display that only database he has access to? I have tried many different ways, I can't seem to be able to do so.
I wrote the below script to add a SQL server login account that is the db_datareader, db_datawriter, and granted permission on all stored procs, functions, and views on all databases within a server.
Code Snippet USE master GO SET NOCOUNT ON DECLARE @database_name sysname DECLARE @object_name sysname DECLARE @object_type char(2) CREATE TABLE #databases (DATABASE_NAME sysname, DATABASE_SIZE int, REMARKS varchar(254)) INSERT #databases EXEC sp_databases -- ++++++++++++++++++ add SQL Server Login ++++++++++++++++++ IF EXISTS ( SELECT 1 FROM master.dbo.syslogins WHERE [name] = 'WEB_USER2' ) BEGIN DECLARE db_cur CURSOR LOCAL FAST_FORWARD FOR SELECT DATABASE_NAME FROM #databases OPEN db_cur WHILE 1 = 1 BEGIN FETCH db_cur INTO @database_name IF (@@FETCH_STATUS <> 0) BREAK EXEC ('USE ' + @database_name +'; IF EXISTS ( SELECT 1 FROM sysusers WHERE [name] = ''WEB_USER2'' ) BEGIN EXEC sp_revokedbaccess ''WEB_USER2'' END ') END CLOSE db_cur DEALLOCATE db_cur EXEC sp_droplogin 'WEB_USER2' END EXEC sp_addlogin @loginame = 'WEB_USER2', @passwd = 'password' -- ++++++++++++++++++ loop thro' all User-Databases ++++++++++++++++++ DECLARE db_cur CURSOR LOCAL FAST_FORWARD FOR SELECT DATABASE_NAME FROM #databases WHERE DATABASE_NAME NOT IN ('master', 'model', 'tempdb', 'msdb', 'distribution', 'ASPState') OPEN db_cur WHILE 1 = 1 BEGIN FETCH db_cur INTO @database_name IF (@@FETCH_STATUS <> 0) BREAK PRINT '' PRINT 'Current database=' + @database_name -- add user to databases EXEC ('USE ' + @database_name +'; IF EXISTS ( SELECT 1 FROM sysusers WHERE [name] = ''WEB_USER2'' ) BEGIN EXEC sp_revokedbaccess ''WEB_USER2'' END ') EXEC ('USE ' + @database_name +'; EXEC sp_grantdbaccess ''WEB_USER2''; ') -- add user to db_datareader EXEC ('USE ' + @database_name +'; EXEC sp_addrolemember ''db_datareader'', ''WEB_USER2''; ') -- add user to db_datawriter EXEC ('USE ' + @database_name +'; EXEC sp_addrolemember ''db_datawriter'', ''WEB_USER2''; ') -- grant permission on Stored proc, Scalar function, Inlined table-function, Table function, View -- !! coz EXEC is a self-contained batch, so must use GLOBAL EXEC('USE ' + @database_name +'; DECLARE obj_cur CURSOR GLOBAL FAST_FORWARD FOR SELECT [name], [type] FROM sysobjects WHERE [type] IN (''P'', ''FN'', ''IF'', ''TF'', ''V'') ') OPEN obj_cur WHILE 1 = 1 BEGIN FETCH obj_cur INTO @object_name, @object_type IF (@@FETCH_STATUS <> 0) BREAK -- PRINT 'object=' + @object_name + '; type=' + @object_type IF LTRIM(RTRIM(@object_type)) = 'P' OR @object_type = 'FN' BEGIN -- EXEC on Stored proc, Scalar function EXEC('USE ' + @database_name +'; GRANT EXEC ON dbo.' + @object_name + ' TO WEB_USER2 ') END ELSE BEGIN -- SELECT ON table function, View EXEC('USE ' + @database_name +'; GRANT SELECT ON dbo.' + @object_name + ' TO WEB_USER2 ') END END CLOSE obj_cur DEALLOCATE obj_cur END CLOSE db_cur DEALLOCATE db_cur
Any way to find out who's causing "Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection." error in SQL Server error logs?
I'm working on an ASP.NET project, and we're attempting to switch from SQL Server authentication to Windows authentication to connect to the database. It works fine locally when I debug in Visual Studio, but when it hits the web server, I get the error: "Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection." IIS has anonymous access disabled, and Integrated Windows Authentication is checked. The web.config file has: <authentication mode="Windows"/><identity impersonate="true"/> The database I'm attempting to access is on a different machine than IIS, and the connection string doesn't contain a username or password, and has "Trusted_Connection=Yes", and "Integrated Security=SSPI". From what I've been able to find online, I'm guessing the problem is due to IIS and SQL Server residing on different machines, but I'm not sure how to fix it. Any ideas?
I am using an unattended install script to install the database on the client machine. All the settings look correct. But my application cannot access the db -
Error: Cannot open database requested by the login.
Now when I install SQL Server Express manually, it works fine. I have the service running under local system and enabled user instances is true. I cannot figure out the problem(been working on it for 2 days).
Hi-- I am building an intRAnet website using windows authentication for website access and SQL Server access ( Trusted_Connection = true ). In IIS I have these settings:
Allow Anonymous = unchecked (false) Windows Authentication = Checked (true) Digest windows = checked (true) In my Web.Config file:
authentication="windows" impersonate="true" allowusers="*" When I pull up the page these are my credentials: Security.Principal.Windows: mydomainmyuserid (this is correct what it shows on my page) Me.User.Identity: mydomainmyuserid (this is correct what it shows on my page) Threading.currentThread.currentUser mydomainmyuserid (this is correct what it shows on my page)
So the ASP.NET page recognizes it is me and my domain. However, when i click a button to pull some data from a database I get the error message: Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection. My data access on SQL Server works fine. The weird thing is when I debug on my machine it pulls data fine. but when I copy the files to the windows 2003 server it doesn't work. Do i have to do something with delegation?
I know from searching this forum that there have been many variations of the issue I'm currently suffering, but I haven't found anything quite like mine or a solution to solve it. The issue I'm running into is that I am unable to log on to Reporting Services using Management Studio or the web interface when Windows Integrated Security is enabled. I have full functionality using basic security, but the risks involved make it impossible to deploy basic authentication out into production. The error I'm receiving in Management Studio is The request failed with HTTP status 401: Unauthorized. (Microsoft.SqlServer.Management.UI.RSClient). I recieve the same error when I try the web interface.
I've looked the most recent logfile in WindowsSystem32LogFilesW3SVC1 and these entries match up to the time I attempted my authentication.
Code Snippet 2008-05-12 20:30:42 <Edited: Server IP> GET /reports - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254 2008-05-12 20:30:42 <Edited: Server IP> GET /reports - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 301 0 0 2008-05-12 20:30:42 <Edited: Server IP> GET /reports/ - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254 2008-05-12 20:30:46 <Edited: Server IP> GET /reports/home.aspx - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 302 0 0 2008-05-12 20:30:46 <Edited: Server IP> GET /reports/Pages/Folder.aspx - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254 2008-05-12 20:30:47 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254 2008-05-12 20:30:47 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0 2008-05-12 20:30:47 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 2148074248 2008-05-12 20:30:49 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 2 2148074254 2008-05-12 20:30:49 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 0 2008-05-12 20:30:49 127.0.0.1 POST /ReportServer/ReportService2005.asmx - 80 - 127.0.0.1 - 401 1 2148074248 2008-05-12 20:30:50 <Edited: Server IP> GET /reports/Pages/Folder.aspx - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 500 0 0 2008-05-12 20:30:50 <Edited: Server IP> GET /Reports/js/ReportingServices.js - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254 2008-05-12 20:30:50 <Edited: Server IP> GET /Reports/js/ReportingServices.js - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0 2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/styles/ReportingServices.css - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254 2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/blank.gif - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254 2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/blank.gif - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0 2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/48error.jpg - 80 - <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254 2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/styles/ReportingServices.css - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0 2008-05-12 20:30:54 <Edited: Server IP> GET /Reports/images/48error.jpg - 80 DomainUserName <Edited: Server IP> Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 200 0 0 2008-05-12 20:31:07 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254 2008-05-12 20:31:07 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 1 0 2008-05-12 20:31:13 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 2 2148074254 2008-05-12 20:31:13 127.0.0.1 GET /reports/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+.NET+CLR+1.1.4322;+.NET+CLR+2.0.50727) 401 1 0
I tried to highlight one of each of the HTTP errors I am getting. 401.2 and 401.1 are the ones I kind of expected, but have no idea why I'm getting them. The 500 0 error is a bit troubling, because unless I'm mistaken thats a server side error.
Here's my current setup. As far as I can tell, I've done everything to set up correctly for Windows Integerated security.
My Specs The server machine running all SQL 2005 services. It resides in a domain. All Clients are in the same domain.
Intel Dual Processor 3.20 gig Xenon
Windows Server 2003 w/ SP2
Microsoft Sql Server 2005 w/ SP2 Reporting Services Setup The virtual directories Reports and ReportServer are set to Windows Integrated Security with Anonymous Access disabled. All other checkboxes in Directory Security are unchecked. For permissions in Reports, I have:
Administrators (servernameAdministrators) - Full Control
ASP.NET Machine Account - Modify, Read & Execute, List Folder Contents, Read, Write
Domain Users - Read & Execute, List Folder Contents, Read
SQLServer2005ReportingServices]WebServiceUsers$... - Read & Execute, List Folder Contents, Read
SQLServer2005ReportServerUsers$... - Read & Execute, List Folder Contents, Read
SYSTEM - Full Control
Users (CompNameUsers) - Read & Execute, List Folder Contents, Read In ReportServer I have the same permissions except Authenticated Users is absent.
At one point, I even added the account Everybody and gave it full control, and I still recieved a HTTP 401 error. Any help at what I might be missing would be a godsend.
How to find last login date/time for user DML acitivity on databases on Instance?
Is there any way we can find our the last login date/time for databases?
Note: 1. We can find if the SQL Trace is running and store.This is not good solution         2. Audit logins off/on is also not good solution.        3. Using DMV's also not good option, if reboot sql server instance then historical values can not see.
Scenario: 1. Access to database objects is based on database roles. 2. Application administrators handle the assignment of users to database roles. Application administrators are first line managers, typically; they are not DBA's and not Help Desk staff.
Question: What products are available to simplify the management of user access to databases in the aforementioned scenario?
