Re: Trusted SQL Server connection (SQL 2005)
- From: Erland Sommarskog <esquel@xxxxxxxxxxxxx>
- Date: Sun, 16 Sep 2007 10:07:37 +0000 (UTC)
idoek (idoek@xxxxxxxxxxxxxxxxxxxxxxxxx) writes:
1. Can anyone explain to me, please, how do I associate local user with
a trusted SQL Server connection?
CREATE LOGIN [domain\user] FROM WINDOWS
where domain also could be the local machine.
and more important how do I prevent associated local user from logging
into an SQL Server 2005?
Make sure that there is no entry in sys.server_principals that maps to
the Windows user. Beside the username itself, you have to make sure that
no Windows group to which the user belongs is listed. A particular
critical one is BUILTIN\Administrators, which gives sysadmin access to
any Windows user with Admin privs. If you want to prevent a user with
admin privs in Windows from accessing SQL Server, you need to drop
BUILTIN\Administrators. However, before you do that, make sure that
there are other accounts with sysadmin permissions, or else you may find
that the server is no longer administrable.
2. Are the data files and log files of my database encrypted?
No.
If not, is there a way to encrypted them?
Within SQL Server there is no way to encrypt them as a whole. You can
encrypt selected columns, but that requires writing some code.
You can encrypt files in NTFS, but whether it's a good idea to do this
with database files I don't know. It's certainly not going to beef up
performance.
--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx
Books Online for SQL Server 2005 at
http://www.microsoft.com/technet/prodtechnol/sql/2005/downloads/books.mspx
Books Online for SQL Server 2000 at
http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
.
- Prev by Date: SQL 2005, sysobjects and security
- Next by Date: Re: SQL 2005, sysobjects and security
- Previous by thread: SQL 2005, sysobjects and security
- Next by thread: Re: Trusted SQL Server connection (SQL 2005)
- Index(es):
Relevant Pages
|
