Re: Is there an alternative to disabling windows authentication?


You can't 'block' Windows Authentication - but you don't have to accept any
Windows login accounts into your server.

Don't map any domain accounts to SQL Logins and/or database roles, and
don't provide any specific permissions to the PUBLIC role - and domain users
'should' be kept out of your database.

Arnie Rowland, Ph.D.
Westwood Consulting, Inc

Most good judgment comes from experience.
Most experience comes from bad judgment.
- Anonymous

You can't help someone get up a hill without getting a little closer to the
top yourself.
- H. Norman Schwarzkopf

"jwbutler via" <u16619@uwe> wrote in message
Thanks for the advice. I must not have explained it well enough. The
SQL logins provide access to different modules of the system, not users.


Arnie Rowland wrote:
Don't provide any Windows login accounts permissions to log into the SQL
Server. Remove domain accounts from the Local Administrators.

And to a more salient point: Why on earth are you providing all users
database access as 'sa'?

Since all users are 'sa', the roles are useless because they are all
admins in the SQL Server. That is the most egregious security breach
imaginable. Any user that knows (or learns) how to use Excel to connect to
SQL Server, or installs an eval version of SQL Server and client tools
(meaning Enterprise Manager and Query Analyzer) will have the ability to
muck up your data and/or schema.

I surely hope that this isn't a regulated market that has to comply with
HIPAA or SARBOX - the application will fail the security audit.

I'm a third party developer and my database gets installed on all types
of network setups. I can't control the active directory settings for the
[quoted text clipped - 19 lines]
I've read this can not be done. Is there another way to accomplish

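An audit of the points raised in this thread (Windows accounts mapped to logins, who holds sysadmin, and what PUBLIC has been granted), as an added example that is not from any poster in the thread. It assumes SQL Server 2005 or later, where the sys.* catalog views exist, and is run in the application database.

```sql
-- Added example (not from the thread). Assumes SQL Server 2005+ catalog views.

-- 1. Windows accounts and groups that have been given a server login.
SELECT sp.name, sp.type_desc, sp.is_disabled
FROM sys.server_principals AS sp
WHERE sp.type IN ('U', 'G')              -- U = Windows login, G = Windows group
ORDER BY sp.name;

-- 2. Every member of the sysadmin server role. A Windows group listed here
--    (for example BUILTIN\Administrators) makes each of its members a sysadmin.
SELECT m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = 'sysadmin'
ORDER BY m.name;

-- 3. Windows accounts and groups mapped to users in the current database.
SELECT dp.name, dp.type_desc
FROM sys.database_principals AS dp
WHERE dp.type IN ('U', 'G')
ORDER BY dp.name;

-- 4. Permissions granted to PUBLIC in the current database, leaving out the
--    default grants on Microsoft-shipped system objects.
SELECT perm.class_desc,
       SCHEMA_NAME(o.schema_id) AS schema_name,
       o.name                   AS object_name,
       perm.permission_name,
       perm.state_desc
FROM sys.database_permissions AS perm
JOIN sys.database_principals AS pr
     ON pr.principal_id = perm.grantee_principal_id
LEFT JOIN sys.all_objects AS o
     ON perm.class = 1                   -- 1 = object or column
    AND o.object_id = perm.major_id
WHERE pr.name = 'public'
  AND perm.state IN ('G', 'W')           -- GRANT, GRANT WITH GRANT OPTION
  AND (o.object_id IS NULL OR o.is_ms_shipped = 0)
ORDER BY perm.class_desc, object_name, perm.permission_name;
```

Rows from queries 1 and 3 are the Windows principals that can reach the server or database; rows from query 4 are what any connected login inherits through PUBLIC.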

