Re: Locked out of Enterprise Manager

From: Fox (@)
Date: 02/14/03 

From: "Fox" <fox @ connexions .net>
Date: Thu, 13 Feb 2003 20:08:25 -0500

My goal was to get my SA account more protected. I am being hit
several thousand times a day, apparently hackers seeking a password.

It was suggested that I change the SA to Windows log in only.
I thought I was in the right place when I went into the Server Config.
I reset that to Windows Authentication. For the Start and Stop
account, I had previously used the "This Account" option. But
that was a while ago and I have no idea why other than that I
am the only person who logs into the computer. I am the only
person here ......

That log in was in the format of [.\myname] . I am now guessing that
is an SQL log in only, since there is no domain or machine name
in there. So, I immediately lost the ability to access the only instance
of the server I have. I fuddled around and stumbled onto the
Edit Registration and saw another opportunity to play God.
I set this one to Windows Authentication figuring I would either
be locked out entirely or be re-established. The latter was true and I was
able to log back into the server. Now I re-opened the Server
Config and saw that it was still set to Windows Only and still
had the same login. So this perplexes me. Why is it working
now and not before (rhetorical question)?
Should I leave that alone or enter a new log in
and change it back to Windows Only ? What is the format
for the login since there is no browse ability? Note that I
have no domain and no Active Directory. So I suppose it
would be MachineName\Myname in some format.

Will this be the answer to better protection of the SA account ?
And will I need to change DSN connection logins and then
also the templates I use against the database ?

Edit Registration config has no place to enter a log in.
That also has me a bit confused as to why it works.
That merely had the choice of SQL or Windows.
Is that automatically related to the Windows Admininstrator ?

One more question to round this off and to keep safe.
I see the Built In Admin in the Security Logins area.
That appears to be related to the Windows Admin Group.
Is this what explains my being able to have Enterprise find
my server after chaning to Windows Only in the Editing Registration ?
Note also that this says that SA is "standard".
There is also a "myname" which is standard as
well as a MachineName\MyName which is
Windows User. Is my goal to have all of these
Windows User ? My IUSR is also Windows User
which I am guessing is the best way to control public
access (hopefully).

I am sorry if the above is convoluted. I really only need
a few answers and I am supposing that after that I will have
a good handle on all of it.

Best Regards,
Fox

"Denny" <mrdenny@gamespy.com> wrote in message
news:e6Sxim70CHA.2308@TK2MSFTNGP09...
> Fox,
>
> I'll try to explain.
>
> The "Edit Registration Settings" window are your settings for connecting
> your EM to the Server. (EM is just a Client Application, even when
> installed on the server).
> The "Server Config" Screen is where the actual server settings are setup.
>
> Making changes to the "Server Config" Screen makes changes to the actual
> server (and should only be done with some thought and care), while changes
> to the "Edit Registration Settings" screen makes changes to your client's
> connection to the server.
>
> Does that answer your questions? If not feel free to post or email me
> directly.
>
> --
> Denny Cherry
> Database Administrator
> GameSpy Industries
>
> "Fox" <fox @ connexions .net> wrote in message
> news:OySeaV70CHA.1812@TK2MSFTNGP11...
> > OK I am back to squasre one all is normal.
> >
> > But if anyone can clarify for me the relationship
> > between the Edit Registration Settings and the
> > Server Config Settings as far as how they both regards
> > Logging in I would surely appreciate it.
> >
> > Thanks,
> > fox
> >
> > "Fox" <fox@connexions.net> wrote in message
> > news:uKg9mu50CHA.2308@TK2MSFTNGP09...
> > > I went and did it. I followed some good advice, but did not understand
> it
> > > entirely. Now I have issues ;)
> > >
> > > This takes place locally in Enterprise Manager.
> > > I went into the Server Config properties and changed to Windows
> > > Authentication.
> > > My login for Start and Run SQL server was in this format. [
 .\myname ]
> > > I am supposing this was an SQL authentication, but do not remember. I
am
> a
> > > newbie.
> > > Does the format tell me that this was an SQL login since there is no
> > domain
> > > or machine name present ?
> > > I ok' this as it was.
> > > NEXT:
> > > It appears that since my login and Password were probably not based on
a
> > > Windows 2000
> > > account, Enterprise Manager lost connection and would no longer
> connect..
> > I
> > > then
> > > went in to the Edit Server registration properties and changed that to
> > > Windows
> > > Authetication. Now I rebooted Enterprise Manager and I am again
> connected.
> > > The
> > > Server Config properties still says Windows Authentication and my old
> > login
> > > is still
> > > there. I am now afraid to close this since I have no idea what I have
> > > actually done and
> > > where I no stand. Can anyone straighten me out ?
> > >
> > > Questions include whether to change the Config back to SQL
> authentication
> > or
> > > to
> > > change the log in to a trusted windows login. What would the exact
> format
> > be
> > > if I change it to (I do not use a domain) machinename myname ?
> > > If it matters to tell me, why was I able to get back in when I went
into
> > the
> > > Edit Registration properties and changed to a Windows Authentication ?
> > >
> > > I do not understand the difference or relationship between the
> > Registration
> > > (and its
> > > properties) and the Server Config and its properties.
> > >
> > > Thanks,
> > > Fox
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Cannot connect to the Internet
    ... My Windows 2000 pro PC is connected to the internet (Local Area ... Connection 2 Status icon shows "Connected" with a speed of 10..0 ... The master browser has received a server announcement from ... Posted via a free Usenet account from http://www.teranews.com ...
    (microsoft.public.mac.virtualpc)
  • Re: Using EFS with Network Shares and SFU 3.5
    ... It does not take EFS into account. ... could again use the sharing server audit logs to see if success ... Read extended attribute and Read data, since the NFS client may ... Windows and *nix clients. ...
    (microsoft.public.windows.server.security)
  • Re: Error 10061, 0x800ccc0e, bug?
    ... It's definitely the April Windows update!!!! ... Checked program files after restore and the updates are gone and OE is ... receive mail after changing account in windows. ... Mike, the error indicates that you are failing to connect to the server, ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: Permission Errors
    ... Windows 2003 server but suddenly I cannot get the web service to work, ... >a domain account so that it can be validated on the win2k server machine. ... >|>webservice failed with permission error when perform the file accessing ...
    (microsoft.public.dotnet.general)
  • Re: IIS 6 CreateObject premissions issue
    ... You have a web application running on Windows 2003. ... This exact same design works on a Windows 2000 server environment. ... LogonMethod metabase property tells IIS how the anonymous user account ... the Anonymous account is configured to run under the IUSR_SERVERNAME ...
    (microsoft.public.inetserver.iis.security)