Re: Strange integrated authentication success

Thanks Dan and Uri.

I got it now. I changed admin password of XP and saw the connection is not
allowed.

"Dan Guzman" <guzmanda@xxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:7A375702-4849-4836-9C3A-37082AA753A6@xxxxxxxxxxxxxxxx
The two boxes have same passwords for Administrator and I logged on with
the same passwords. But I don't think same password can be a free
passport to the databases.

Windows allows remote authentication using local accounts. If the user
name and password are the same on both boxes, the remote OS will let you
in under the context of the remote account. I expect you'll see the same
behavior if you access the file system, such as accessing the a remote
administrative share (\\REMOTE_SERVER\C$).

SQL Server then allows you to connect because the local Administrator
account is a member of the BUILTI\Administrators group.

--
Hope this helps.

Dan Guzman
SQL Server MVP

"Han" <hp4444@xxxxxxxxxxxxxxxx> wrote in message
news:eVU9zveIHHA.5104@xxxxxxxxxxxxxxxxxxxxxxx
Hello

I am experiencing strange success of authentication.

I have two boxes, one xp-pro and another windows 2003, both have SQL2005.

Two boxes have no relationships except that they are in same network.
Really nothing such as account and trusted relationship.

Expecting failure, I tried to connect from xp to win2003 with integrated
authentication(trusted_connection=yes).

Result is success. I checked profiler and found the account name is
recorded as Administrator.

What happened?

The two boxes have same passwords for Administrator and I logged on with
the same passwords. But I don't think same password can be a free
passport to the databases.

Do you have any idea?




.

Relevant Pages

  • Re: Performance monitor on a remote computer
    ... In the right pane of the subsequent two pane window, ... that is selected is "Local System Account". ... log counters on the remote machine. ... >> I am logged into both machines as an administrator. ...
    (microsoft.public.windowsxp.perform_maintain)
  • Re: Firewall
    ... > a couple hours away in a remote office. ... > can log onto the comuputer locally is the administrator. ... > understand why no other account was created with more access than the ... If it is the built-in Windows SP2 firewall, ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Logon failure on disabled Administrator account
    ... A workaround is to remote into your "home" system (that has the allowed IP ... Les Connor [SBS Community Member - SBS MVP] ... another account for administrator tasks. ... because someone periodically tries to brute force the account. ...
    (microsoft.public.windows.server.sbs)
  • Re: Block remote access for the default domain administrator
    ... remote administration and then block remote access for the default domain ... The strong password set on the Administrator account should be sufficient but he feels remote administration would be more secure using an account with a different name and strong password as well. ... Neither the loss of remote admin facilities nor having the server cracked is particularly desirable, but I know which I'd prefer. ...
    (microsoft.public.windows.server.sbs)
  • Re: Local System Log on
    ... be log on to the server locally without using the Administrator account. ... By default, members of the Remote ... Users group, or another group that has this right, or if the Remote ...
    (microsoft.public.windows.server.active_directory)