Re: Changing security authentication type.

Inline...

--
Arnie Rowland, Ph.D.
Westwood Consulting, Inc

Most good judgment comes from experience.
Most experience comes from bad judgment.
- Anonymous


"Stu" <stu@xxxxxxxx> wrote in message
news:%23E25Hpb1GHA.1252@xxxxxxxxxxxxxxxxxxxxxxx
Hi,
in an existing instance of SQL, will changing the security authentication
from SQL & Windows logins, to only windows logins cause any issues?


It will block (lock out) any attempts to access the database using the sa
account (or any other SQL Login).

Also, if a database has been created with hardly any security already, are
there any issues with introducing security further down the line. For


There 'could' be substaintial disruption when you introduce security.
Consider a building where there were no keys necessary to enter the building
and the rooms, and suddenly keys were required to enter the building, and
also to enter rooms. Until everyone got all of the correct keys for their
needs, there would be major disruption. However, if this was a well planned
process, and appropraite keys were distributed before all the locks were
install, the disruption would be minimal if at all.

example, a SQL server has been deployed already by my predecessor, with
authentication in SA & windows mode, and allowing pretty much anyone
access to SQL. If i was to create a DBA_Admin group and assign admin
writes only to that group, will it cause any problems in a already
functioning database?

Creating a domain/DBA_Admin group, providing that group login access to the
server, and also placing that group in the sysadmin server role, will not
cause any problems in a functioning database.

The problems will occur as you start locking down and removing permissions
from the sa account. And you 'should' do that. Applications should not be
using the sa account for database access since the sa account can do
'anything' with and to the server.


TIA



.

Relevant Pages

  • [NEWS] Xpede Found to Contain Multiple Vulnerabilities
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Intellisol Xpede ... anyone with a valid Xpede user account to issue requests to the Xpede's ... name used by Xpede to perform all its SQL queries. ...
    (Securiteam)
  • Re: ASP.NET Process Identity???
    ... In the application I not need/want to create user accounts into SQL Server. ... To control the security I have created a personalized security system. ... you can switch back to normal ASPNET machine account for the ... >> Public Class Personificacion ...
    (microsoft.public.dotnet.security)
  • Re: Windows vs SQL
    ... I would also add that with the sql security, ... account is a "known" entity in that a hacker knows that it exists and there ... >>> im always hearing that ms recommends trusted security ...
    (microsoft.public.sqlserver.security)
  • Re: How to use EFS to encrypt SQL DB file
    ... You want to make sure that SQL is starting here with an ... account that has the right to decrypt the mdf file. ... For information about the Microsoft Strategic Technology ... Protection Program and to order your FREE Security Tool Kit, ...
    (microsoft.public.sqlserver.security)
  • Re: Microsoft Informational Alert
    ... > PSS Security Response Team Alert - SQL Security Recommendations ... > PRODUCTS AFFECTED: SQL Server ... Secure your SA login account with a non-NULL password. ...
    (microsoft.public.security)