Sys Admin Cant Access SQL Server. Only SA Account Can?
Jul 20, 2005
Hi All hope you can help.
I have a SQL 2k Standard Ed. SP3 server that is in mixed security
mode.
I have logged into EM with the sa account.
Then added a Active Directory group (i.e. DomainDBAdmins) to the
System Administrators for that server.
When I try and modify the SQL server registration in EM to use trusted
authentication instead of sa I get a connection failed. Any ideas?
We are using Win2k3 R2 with SQL 2000 in a domain environment.
Is it possible to create a domain group to grant admin level and user level access to SQL2000/2005 without giving users server admin or domain admin access?
It has always been my impression that to have admin access to SQL that you had to at least had admin level access on the server.
If you were to do a fresh install it would set permissions on the disk so everything just works.
Now when changing the service account (e.g. to a domain user) use the configuration manager, does it do the same magic (possibly sans if the database data/log files are on another disk)? Or do you need to trawl through the dozens of folders and assign rights manually?
I have a bit of problem I was hoping someone could point me in the right direction. I have a SQL Server 2005 database which leverages both the Membership and Roles APIs. When I recreate the database for production release, I simply run an sql file using the sqlcmd utility - no problem. What I need is a way to add a default administrator role, account and assign this new administrator to the administrator role.Can someone advise on how this is typically handled?
If someone can tell if it is wise change the SA account password after all of your databases have been set up using NT Authentication for login. Also, by using the sa password at login are you providing more security and and who should have access to that password (Your developers or your Administrators?)
I am wondering is distributor admin account a sql authentication account? How can i use this account to connect to distributor if distributor is on the different server with publisher?
If we have a "pool" SQL login, a one that uses SQL Server authentication, and this login is used by different domain account to access SQL Server, is there a way to audit which domain account used that "pool" login to do something on a object in SQL Server? I have to keep this way of accessing SQL Server, so how to create a login for every domain account accesses SQL Server
I'm trying to connect to a database using a service account that we got created. The ID is an AD account and was added to the db as such. When I try to connect to the database using the account with the password I get [login failed for domainid]. The DBA mentioned that its setup to use windows auth, however, I can't connect with this service account using windows Auth, due to I'm using to connect via code.
How can I connect to the database from my code using this ID?
I have the ID and pwd in my code to connect with, does the ID have to be setup differently in the Database?
Am trying to run SQL Server Agent with a service account which is not in the Administrators group. Have done the following - 1. Removed the service account from the Administrators group on the machine 2. Assigned sysadmin privileges to the service account 3. Added it to the SQLServer2005SQLAgentUser$ComputerName$MSSQLSERVER role 4. Through SQL Configuration Manager assigned this account to the SQL Server Agent service However, this does not start the Agent as a service. What is it that is missing?
I am interested if anyone can point me to "best practices" regarding thelevel of administrative authority a SQL Server database administrator shouldhave. Alternatively, I'd be interested hearing what level of authority onthe server you/your SQL Admin has. I have been told that in order to dotheir job, a database admin needs full admin authority on the operatingsystem in a Microsoft environment, but I find that hard to believe.Thanks.
I have been given the responsibility of administering and trying to maintain an enterprise level database (currently 20GB in size) without local admin privileges on the server that houses my database. Is there any documentation available that can either help me get my job done, or help me convince my supervisors that my position requires that level of access?
I understand the concern about the local admins being able to "do whatever they want", as well as the effort to reduce the amount of risk exposure to major accidents. I just want to be able to do my job effectively.
I recently enabled log shipping on our production database, and I had initially accepted the default of 72 hours to delete copied logs. Well, i am running out of space quick, and I need to edit it to something like 6 hours.
When I try to disable log shipping in order to recreate it, or if I try to edit the secondary server settings when I am logged in as SA, or my windows account which has the sysadmin role assigned, I get an error that says:
Only members of the sysadmin fixed server role can perform this operation. Error 21089.
I've restarted the sql service, disabled and enabled the permission on my account, but for the life of me, i cannot get this to work!
I'm working on a newly installed windows 2012 R2 server which has SQL Server 2012 and SSMS installed on it. What has been odd is that when I open the "restore database" dialog, in the "Select Backup Devices", "Locate Backup File" dialog, only the immediate folders off of the root of the E: drive are visible. E: is where sql server data and backup files are stored.
The account I am logged in with is supposed to have Enterprise Admin rights. How is can I not see these folders and files? The files are certainly there and are visible to me on that login with windows explorer. I am able to backup via SSMS without issue.
When I look at the folder's permissions everything seems normal. If I add "Everyone" to that folder's permissions the folders and files become visible. The SQL Server service is running on the NT ServiceMSSQLSERVER account, which is normal for my other installations of sql server.
I've recently started working with a public sector organisation who have 4 clustered sql instances that has 80% of it's db mirrored.
Looking at the transaction log - it seems that a transaction log backup is a good idea as the log is 4x larger than the data file.But I'm not allowed access to the physical server to check onto which drive I can create the trn. No RDP, no vmware - let's be honest I'm not even allowed to launch cmd line Also the Server Manager informs me "We will need to carefully look at database backups if you guys want to start doing these backups on box, as that will break our off box backup routine (it will screw the transaction chain)."
I don't understand how backing up the transaction log could break the "transaction chain"?
We have applications connected to SQL using windows authentication. While having connection with Application user can also access to Database instance on the same time as well. We need to limit the access of user outside application.
I have SQL Server 2014 (Enterprise) on Server A. The service runs under DomainAAdmin.
The Client machine is B, User credentials DomainBUser.
DomainBUser has a share on B that contains a BCP data file. DomainAAdmin has full access to this file.
If I log onto A (the server machine) with either DomainAAdmin or DomainBUser credentials, and run SQL Server Management Studio with Windows Authentication I can run BCP sucessfully using the following:
BULK INSERT [MyTable] from 'Bsharedatafle.tsv' WITH ( KEEPNULLS , KEEPIDENTITY ) However, if I log onto B, (the client machine and the machine hosting the share) and try to run the same bcp command, I get "Access is Denied".
We are upgrading from SQL 2008R2 to SQL2014 but we have discovered that a couple of our applications are not supported on 2014. We'd like to keep one 2008R2 server and one 2014 server until we have time to upgrade the applications and move everything to the new server. The problem is we have custom code in some of the 2014 databases that access tables in the 2008 databases.
I know we can easily do cross server joins by using a linked server, but it would be a huge undertaking to find all that code and add a linked server name in front of every table, stored procedure, etc. So my question is, is there any way to move a database to a different server and still be able to access it without having to qualify the object names with a linked server? Is there some kind of server/database synonym that can be setup that would be recognized by all databases?
I try to connect from a pc to a SQL Server on another pc. Both pc’s are in a workgroup. I want to connect from a Windows Forms application to a named instance on the other computer. By now I have been able to connect from one pc to SQL Server on the other with tcp:smurfin, 52782.
I want to be able to use servernameinstancename (instead of portnumber) to make a connection in a Windows Forms application.
I’ve checked / tried te following:
•In the properties of the instance, tab Connections, the option Allow Remote Connections is enabled •In Configuration Manager: TCP is enabled •The service SQL Server Browser is started •On the tab IPAddresses, in the section IPAll, there is NO portnumber for TCP Port. And TCP Dynamic Ports has the nummer 52782 •I have created un inbound rule for port 52782 and also for 1434 (SQL Server Browser). And to be on the save side: a rule for 1433 as well. •Restarted the service
If I run the following code in SQL Server, that same port number (52782) is returned:
EXEC xp_ReadErrorLog 0, 1, N'Server is listening on', N'any', NULL, NULL, 'DESC' GO SELECT local_tcp_port FROM sys.dm_exec_connections WHERE session_id = @@SPID
While running Sql 2014 upgrade advisor against a 2005 remote sql server. Below is the error im getting:
"Could not populate SQL Instances: System.Security.SecurityException: Requested registry access is not allowed"
Its able to connect SQL 2005 DB server and its also populating all the required Databases, but when i'm tring to click Run at the last step above error is coming. I even installed SQL 2012 upgrade advisor in my system and getting the same above error.
However if i use SQL 2008 upgrade advisor and connect to SQL 2005 server im not getting any error.The tool is generating successfully all the Pre and Post upgrade issues.
I'm running the tool with Run as administrator option. Is there any specific change i need to do in my system so that the tool runs successfully.
I have a user, who is trying log into the server, but everytime he gets this error saying something about the Group policy denies him access.
This user needs access and i'm trying to understand how to grant it to him.
I have been looking into how i can access the group policy editor, but the farthest i can get is the Local group policy editor. How do i make sure this specific user has access?
SQL server job or SP to deny access to an AD login for certain period of time to SQL server instance...i.e. to deny access to login ADxyz from 12 PM to 10 PM and revoke access to same login at 10:01 PM...
Hi AllI am getting an access denied message when I launch the Virtual Serveradministration screen, however I can connect through the Virtual Machineremote connectivity without any problems. Please help, I upgraded my memoryand need to change setting though Virtual Server Adminitration screen.Is there a way around this issue!Thank you in advance,James--Message posted via http://www.sqlmonster.com
I have been running a script in SQL Server 2000 as sa also as a Active Directory user who has administrator rights (I tested both approaches SQL Server then Windows Authentication) in Query Analyser which grants execute rights to the stored procedures within the database instance and Query Analyser does not give any errors when I run the script. I have made sure that each transaction has a go after it. I then return to Enterprise Manager, check the rights (I apply them to roles so that when we create another SQL Server user we just grant him/her rights to the role) and discover that the role has not been granted the rights. I seems to be occurring only with 2 of the procedures. Is there a known bug that might be causing this?
I have a Windows Server 2012 R2 2 node cluster with SQL Server 2014 FCI installed. Data files are on a separate Windows Server 2012 R2 file server. Data files share has been permissioned to the SQL Server service and SQL Server Agent service accounts as Full Control. NTFS Permissions are Full Control.
When I try to attach a database CREATE DATABASE AdventureWorksDW2012 ON (FILENAME = 'apricotmssql_VIOLETMSSQL12.MSSQLSERVERMSSQLDATAAdventureWorksDW2012_Data.mdf') FOR ATTACHI get this error: Msg 5120, Level 16, State 101, Line 4 Unable to open the physical file "apricotmssql_VIOLETMSSQL12.MSSQLSERVERMSSQLDATAAdventureWorksDW2012_Data.mdf". Operating system error 5: "5(Access is denied.)".
If I log into the file server (called APRICOT) and look at the NTFS permissions they all look good. I have also reapplied the NTFS permissions from the root folder down.
EDIT If I log on to one of the nodes in the cluster as the SQL Server service account and navigate to apricotmssql_VIOLETMSSQL12.MSSQLSERVERMSSQLDATA and copy and paste the data file, it works fine.
EDIT2: If I log on to the file server and Enable Inheritance at the root level, then Replace all child objects with inheritable permission entries from this object, I get this error:
User Account Control settings on all nodes and the file server are set to Never notify
During install of SQL Server 2005, we can of course use a domain account or the built-in system account for running the services. I lean toward domain for obvious reaons but would like to know a +/- to each option and why I'd choose one over the other and what consequences or limitations one may encounter if I choose one over the other.
A user was created with a limited privilege under the USERS group. Once this user loged in the Report Manager he is acting like an Admin and Content Manager, though he is not given even a browser role.
What do u think that this guy is acting like a Super User evenif he is restricted to a browser role on the Report Manager ????????????
What is the best way of accessing a sql server on a live server? shall I use Integrated windows or use a special user account? If I use a user account, what are the needed priviledges to give it?