Microsoft SQL Server Management Studio trouble with permissions - sql

Please find all the files I'm refering to at this link:
http://whyisthisinmyfood.com/sql/
I have installed a new copy of "SQL Server 2008 R2 Management Studio Express (x86)" on two Windows 7 computers. The SAME install file for both computers. Installed the same way. (as far as I know, I chose the same options)
One at home and one at work.
The one at home seems to work perfectly I "Execute" this file (ITD132-Inventory Initial with data.sql) and it works fine. When I "Execute" it at work I get:
Msg 262, Level 14, State 1, Line 1
CREATE DATABASE permission denied in database 'master'.
..and a bunch of stuff after that which is caused because the database was not created in the first place.
I have compared the permissions on both computers.
see these files:
home computer : non-networked.jpg
work computer: work-networked.jpg
I read in one post that to create new Logins one must be logged in as the Administrator. I log into the Server Managment studio with my windows credentials and I am the Local Admin for my work computer and I have not been able to find any other place to log in as an administrator for this SQL Server Management Studio (so clearly I'm not sure whats meant by that)
At this point I think my problem is that I need to create a user who is not just the "BUILTIN\User" (because this login does not have permissions) with permissions.
But I have no idea how to login as an administrator to create this user role.
Please forgive me if these are obvious answers as I am just starting with this MS Management studio and am not very familiar with T-SQL.
Thanks,
Diana

If you install SQL Server, you get asked during installation process which user or user group should have the Admin-Privileges. If your computer is part of a domain and you login locally, things might get complicated.
The easiest (but not safest way) to login as a "superuser" if to enable the "sa" user.
this is one user that logs on with a password (not integrated logon) and has all the juice to run every script possible :-) By default it's disabled - googling I found a easy how-to enable it:
http://sudeeptaganguly.wordpress.com/2010/04/20/how-to-enable-sa-account-in-sql-server/

I think you are correct that you need to create another user with enough permission. Generally logging in with "integrated security" using your Windows credentials should have enough permissions (assuming the same user is the user that installed SQL Server). If not, you have better luck logging in as the SQL Server user "sa" (system administrator) which should have full permission. Do you know the "sa" password?
Note: the security mode for SQL Server can be set to "Only integrated security with Windows users", "SQL Server security" or "both". The "sa" account will only work if the SQL Server security is enabled. You may be able to access these settings using your BuiltIn\User account.

Related

partial user name upon installation of SQL Server 2017 Developer Edition

I'm in the process of setting up a new laptop for application development work and today I installed SQL Server 2017 Developer Edition on this computer. I used the Basic install option rather than the Customize install option. Some pertinent facts:
operating system is Windows 10
device name is MARIGOLD
administrator on this computer is an e-mail address and the characters that appear before the # symbol for the e-mail are knot22
When the confirmation screen was displayed after installing SQL Server, it showed the SQL Administrator as MARIGOLD\knot2 (see red line that points this out in screenshot). Notice that there is a 2 missing - was was expected was MARIGOLD\knot22. Why did it chop off the user name? Is there a way to fix this?
Your username on the computer is "knot2".
This may not match the display name.
The following procedure will lose all stored credentials. You may lose program data, bookmarks contact lists... as well as some file permissions
The easiest way to solve this is to:
Create a temporary admin account, Grant the account all privileges in SQL Server.
Login as that user.
Backup the entire C:\users\knot2 directory(including hidden and system files). You may have to reboot to do this.
Delete the "knot2" user.
Create "knot22" user.
Grant the "knot22" account all privileges in SQL Server.
Copy the backup of C:\users\knot2 into C:\users\knot22
Remove or disable the temporary user.
It is up to you to figure out if it is worth it or not.

How to fix TF246017 The Team foundation server could not connect to database

I'm getting nothing but this error TF246017 I'm not able to access TFS as admin or domain user
While accessing administration console, showing the error TF246017
Domain users getting TF31001 where the server returns TF246017
TFS was working fine with SQL Server 2008. And now we have also installed SQL server 2012 in the same machine.( I believe it doesn't connected anyway to tfs server)
But, even after uninstalling SQL 2012, it displays the same error
In application tier/ database tier, getting error as Error retrieving value.
Unable to access http://xxxxxxx:8080/tfs displays same error TF246017
And also, im unable to locate the sql express database to take the backup.
How to resolve this issue?
Note : I'm using TFS 2012 and VS2010
Login to windows server using the same windows credential user you used during SQL Server installation.
Verify or add the new windows user credential (assuming you are using different user credential to connect to TFS) to be part of sysadmin user group in SQL Server or ask your SQL Server DBA to add the user to sysadmin group.
Note: This is required because for every new TFS Team project created, TFS presents 2 option empty database or new database. To create new database the TFS admin user have to be part of SQL server sysadmin group
If TFS 2012 was installed using the same windows credential, open the TFS Admin console and add or verify the user is listed in "administration Console Users" list.
If TFS Admin console reads "You do not have permission or not administrator" or something along this line, then you need to log out and log back using the correct windows credential used for installation or use one of the TFS admin user and then add the new user credential.
Recommendation: To avoid confusion I would recommend use the same user credential for SQL Server and TFS server. Ex: "domainname/tfs" is local admin to the server, sysadmin in SQL Server DB and also admin user to TFS server.
To make like simple start of by, adding the windows user (intended to use as TFS admin) as windows administration group. Then logout and log back using the TFS admin user to install SQL Server and TFS server.
I had a similar issue branch code in my version of TFS (Azure DevOps Premise). I tracked my issue down by looking at the event viewer on the local TFS server and found that I was that I was getting the following SQL error:
DESCRIPTION: SQL Server Assertion: File: , line=951 Failed Assertion =
'IS_OFF (BUF_MINLOGGED, m_buf->bstat) || pageModifyType !=
PageModifyType_Contents || GetPagePtr ()->IsTextPage ()'. This error
may be timing-related. If the error persists after rerunning the
statement, use DBCC CHECKDB to check the database for structural
integrity, or restart the server to ensure in-memory data structures
are not corrupted.
I found the first item in the following answer solved my issue.
I simply switched my main TFS database containing my collection to FULL recovery mode and I was immediately able to proceed with my previously erroring task.
Connect to your SQL instance via SQL Server Management Studio and check if any of the TFS databases are in a "Recovery Pending" state. If so, restart your SQL instance and the state should return to normal. Worked for me!
Just find out the Team foundation application under application pool. right click and go to advance setting set the identity using the credentials used for SQL Sever or TFS Admin and done ..you can now access the TFS as earlier.

sql server 2012: cannot alter the login sa

I'm trying to create a database on my local machine using SSMS version 11.0.2100.60. I've run the application as administrator, logged in using Windows authentication, and I've added MYDOMAIN\my-username to the Logins. However if I try to create a db with this login I get the message
CREATE DATABASE permission denied in database 'master'.
(Microsoft SQL Server, Error: 262)
If I try to add the privelage dbcreator to my user, I get the following error.
User does not have permission to perform this action.
(Microsoft SQL Server, Error: 15247)
I can't log in as sa as I don't know/remember the password (is there a preset default?), and if I try to change the password I get the message:
Cannot alter the login 'sa', because it does not exist or you do not have permission.
(Microsoft SQL Server, Error: 15151)
Finally I note that the account 'sa' is disabled, and if I try to enable it I get the same error as before. Is there any way around this or do I need to re-install?
Version info:
Microsoft SQL Server Management Studio 11.0.2100.60
Microsoft Analysis Services Client Tools 11.0.2100.60
Microsoft Data Access Components (MDAC) 6.2.9200.16384
Microsoft MSXML 3.0 4.0 6.0
Microsoft Internet Explorer 9.10.9200.16635
Microsoft .NET Framework 4.0.30319.18051
Operating System 6.2.9200
I found the answer here:
In order to start SQL Server in single-user mode, you can add the
parameter “-m” at the command line. You can also use the SQL Server
Configuration Manager tool, which provides proper controls for the
file access and other privileges. To use the Configuration Manager
tool to recover your system, use the following steps:
Open the Configuration Manager tool from the "SQL Server 2005| Configuration" menu
Stop the SQL Server Instance you need to recover
Navigate to the “Advanced” tab, and in the Properties text box add “;–m” to the end of the list in the “Startup parameters” option
Click the “OK” button and restart the SQL Server Instance
A little more specific :
Open Sql Configuration Manager.
Select SQL Server Services.
On the right hand side, select the instance.
Right click on it and open properties.
In the advanced tab attach ";-m" at the end of the Startup Parameters field.
Apply and restart the service.
Now you have privilege to enable "sa" user and modify its password.
once done, remove ";-m" and restart the service.
You are good to go.
I'd like to point out an alternative answer laid out on DBA SE. Download PSExec onto the box that is having the problem and follow the instructions laid out in this blog post to effortlessly change admin settings using the NT Authority\System account.
./psexec -s -i "C:\...\Ssms.exe"
Wanted to share this solution as it solved my problem!

Cannot attach database SQL Server 2012 error 5

When I type this:
CREATE DATABASE AdventureWorks2012
ON (FILENAME = 'C:\Users\sohm\Desktop\Pohm\AdventureWorks2012_Data.mdf')
FOR ATTACH_REBUILD_LOG ;
I get this:
File activation failure. The physical file name
"C:\Users\sohm\Desktop\AdventureWorks2012_Data_log.ldf" may be incorrect.
Msg 5123, Level 16, State 1, Line 1
CREATE FILE encountered operating system error 5 (Access is denied.) while attempting to
open or create the physical file 'C:\adventuredb\AdventureWorks2012_Data_log.ldf'.
Msg 1813, Level 16, State 2, Line 1
Could not open new database 'AdventureWorks2012'. CREATE DATABASE is aborted.
I know it has to do with permissions. I have the administrator account. I have read a million posts but nothing has worked so far. Also when I try to change the folder containing the mdf file, to full control but it keeps reverting back to read-only.
You should run SSMS as an administrator.
Also it is possible that you might be running query as an 'sa' user(sql server authentication).
Try running the query with windows Authentication.
SHORT VERSION
For allowing MS SQL server 2012 to attach the database files you must grant full access to the mdf and ldf files to:
NT Service\MSSQLSERVER
Full Access
LONG VERSION
SQL Security has been updated a lot in 2012 handling of files.
http://technet.microsoft.com/en-us/library/ms189128.aspx
If you look at the existing attached databases and there security you will probably see that there only are 2 roles allowed with full access. MSSQLSERVER and Administrators, when attached SQL Removes all other roles from the files.
Trying to set the MSSQLSERVER from the fil security Permission will not work.
Looking at your services.msc overview you will in a default install see that NT Service\MSSQLSERVER also runs the SQL server servics.
The service account is not visible, the same issue as with IIS AppPools, a sub group has been created by the system and "hides" the accounts from auto discovery, probably to try and secure the accounts but in my view just obscures the setup.
Regards Jan
Open the SQL Server Management Stdio in Administrator mode(Right click -> Select Run as Administrator. If it asks for User name and password enter your Administrator user name password). Then select Windows Authentication click ok, and now try to attache it will attache without any error.
This has nothing to do with YOUR account. SQL Server is trying to write to that folder under the context of the service account that is running SQL Server. You can see who this is by going to the Services applet and seeing who the instance runs as (probably NT AUTHORITY\SYSTEM or whatever). You can override that or you can place your MDF files in the data folder, which SQL Server already has inherent access to, instead of placing them in this other location on your C:\ drive.
Another way to solve this is to change all the SQL Server services to Local System Account instead of services. Start -> Run ->Services.msc -> Scroll down to SQL Server, you should see five services that start with SQL Server. Right-Click, Properties, Log On, change to Local System Account. Repeat for all the rest of the SQL Server Services and restart them all.
Try This
Go to the folder where you have stored mdf file.
Select file -> Right click -> click on mdf give full permissions to file for logged in user Security.
If still issue persist and it might me because of corrupted transaction logs, you may use tool SQL Database Recovery Tool Repairs to repair your corrupted mdf file.
Figured it out. I went to sql server configuration manager and right clicked SQL Server Service. Then I added my Windows Admin account to run the service and now it works.

Connect different Windows User in SQL Server Management Studio (2005 or later)

Is there a way in SQL Server Management Studio 2005 (or later) to change the Windows Authentication user (as you could in SQL Server 2000 and older)?
This is the general connection properties dialog(note the greyed out UID/PWD when selecting Windows Auth):
FYI - One workaround is to use runas but I'm looking for a solution that will allow me to work with multiple Windows accounts across multiple servers (and across multiple domains).
While there's no way to connect to multiple servers as different users in a single instance of SSMS, what you're looking for is the following RUNAS syntax:
runas /netonly /user:domain\username program.exe
When you use the "/netonly" switch, you can log in using remote credentials on a domain that you're not currently a member of, even if there's no trust set up. It just tells runas that the credentials will be used for accessing remote resources - the application interacts with the local computer as the currently logged-in user, and interacts with remote computers as the user whose credentials you've given.
You'd still have to run multiple instances of SSMS, but at least you could connect as different windows users in each one.
For example: runas /netonly /user:domain\username ssms.exe
Hold shift and right click on SQL Server Mangement studion icon. You can Run as other windows account user.
One other way that I discovered is to go to "Start" > "Control Panel" > "Stored Usernames and passwords" (Administrative Tools > Credential Manager in Windows 7) and add the domain account that you would use with the "runas" command.
Then, in SQL Management Studio 2005, just select the "Windows Authentication" and input the server you wanna connect to (even though the user that you can see greyed out is still the local user)... and it works!
Don't ask me why ! :)
Edit:
Make sure to include ":1433" after the server name in Credential Manager or it may not connect due to not trusting the domain.
None of these answers did what I needed:
Login to a remote server using a different domain account than I was logged into on my local machine, and it's a client's domain across a vpn. I don't want to be on their domain!
Instead, on the connect to server dialog, select "Windows Authentication", click the Options button, and then on the Additional Connection Parameters tab, enter
user id=domain\user;password=password
SSMS won't remember, but it will connect with that account.
The runas /netonly /user:domain\username program.exe command only worked for me on Windows 10
saving it as a batch file
running it as an administrator,
when running the command batch as regular user I got the wrong password issue mentioned by some users on previous comments.
For Windows 10:
Go to the Sql Management Studio Icon, or Short Cut in the menu:
Right Click > Select Open File Location
Hold Shift and right Click the shortcut, or ssms.exe file that is in the folder. Holding shift will give you an extra option "Run as different user":
This will pop up a login box and you can type the credentials you would like your session to run under.
A bit of powershell magic will do the trick:
cmdkey /add:"SERVER:1433" /user:"DOMAIN\USERNAME" /pass:"PASSWORD"
Then just select windows authentication
There are many places where someone might want to deploy this kind of scenario, but due to the way integrated authentication works, it is not possible.
As gbn mentioned, integrated authentication uses a special token that corresponds to your Windows identity. There are coding practices called "impersonation" (probably used by the Run As... command) that allow you to effectively perform an activity as another Windows user, but there is not really a way to arbitrarily act as a different user (à la Linux) in Windows applications aside from that.
If you really need to administer multiple servers across several domains, you might consider one of the following:
Set up Domain Trust between your domains so that your account can access computers in the trusting domain
Configure a SQL user (using mixed authentication) across all the servers you need to administer so that you can log in that way; obviously, this might introduce some security issues and create a maintenance nightmare if you have to change all the passwords at some point.
Hopefully this helps!
Did anybody tried "plain" runas without parameters? Those /netonly /savcecred all of them sound ambiguous and to me utter nonsense.
C:\Windows\System32\runas.exe /user:DOMAINX\OtherUser02 "C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\IDE\ssms.exe"
This works just fine. No matter what, runas WILL ask you for the user password. Just type it and be security audit compliant.
The only way to achieve what you want is opening several instances of SSMS by right clicking on shortcut and using the 'Run-as' feature.