Re: SQL Server 2005 login with Windows Authentication
- From: "Francois Malgreve" <francois.malgreve@xxxxxxxxxxxxxxxxxxx>
- Date: Fri, 15 Jun 2007 11:31:29 +0700
Hi Erland,
I just want to thank you very much for your precious information.
BULTIN\Administrators being synonym of D620\Administrators was the key point
i did not know. Everything makes much more sense now!
Also your helper SP and functions are really of great value!
Thanks again!
Cheers,
Francois Malgreve.
"Erland Sommarskog" <esquel@xxxxxxxxxxxxx> wrote in message
news:Xns994FF1DCE7D8CYazorman@xxxxxxxxxxxx
Francois Malgreve (francois.malgreve@xxxxxxxxxxxxxxxxxxx) writes:
My Computer name is D620 and my windows user name is Francois (who has
admin rights, beign part of the Administrator group). As it's a stand
alone computer at home, I don't have any domain so it's a local user
(not a domain user).
I obviously installed SQL Server using my Francois (admin) local user
account. So having stated that I chose windows authentication as
authentication mode i was expecting to see something like D620\Francois
in
the available logins of my SQL Server instance.
You need to do
CREATE LOGIN D620\Francois FROM Windows
to do this. But you can still access SQL Server as D620\Francois without
this command - run "SELECT SYSTEM_USER" in a query window to see who you
are. And the reason for this is that a Windows login also can have access
through a Windows group. And indeed:
Instead, I see:
- BULTIN\Administrators (What is it? And why is it not
D620\Administrators,
This is how you get in. I don't know why it's called
BUILTIN\Administrators,
rather than <machine>\Administrators. But maybe this so they easier can
write documentation around it. Or that the name is hardwired somewhere.
Anyway, BUILTIN\Administrator gives sysadmin access to SQL Server to
all Windows uses with admin access to Windows. There are situations where
you prefer to drop this entry. For instance you are the DBA, but you don't
want the network admin to fiddle inside SQL Server. (Before you do this,
be sure that have created another login with sysadmin rights!)
- NT AUTHORITY\SYSTEM (who is that fellow?)
Mumble, also some built-in Windows entity. LocalSystem, I think.
How can I know if D620\Francois got admin rights
select is_srvrolemember('sysadmin')
When you are logged in as D620\Francois
and if he is dbo of all db?
sp_helpdb
--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
.
- References:
- SQL Server 2005 login with Windows Authentication
- From: Francois Malgreve
- Re: SQL Server 2005 login with Windows Authentication
- From: Erland Sommarskog
- SQL Server 2005 login with Windows Authentication
- Prev by Date: Re: permissions required for executing CDOSys stored procedures
- Next by Date: RE: Login Error: 18456, Severity: 14, State:11
- Previous by thread: Re: SQL Server 2005 login with Windows Authentication
- Next by thread: SQL2000-user not grantable to login
- Index(es):
Relevant Pages
|
