I am working on a project and I have access to SQL Server as external user with limited privileges.
When I want to create a login for example with this command, I get permission denied:
CREATE LOGIN [login] WITH PASSWORD=N'test', DEFAULT_DATABASE=[master],
DEFAULT_LANGUAGE=[us_english], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF)
However when I try to create a login with this command I can make it and also I have privileges now to enable xp_cmd shell as well:
EXECUTE('EXECUTE(''CREATE LOGIN [test5] WITH PASSWORD=N''''test'''',
DEFAULT_DATABASE=[master], CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF'') AT "hostname\domain"')
EXECUTE('EXECUTE(''ALTER SERVER ROLE [sysadmin] ADD MEMBER [test5]'')
EXECUTE('EXECUTE(''ALTER SERVER ROLE [db_owner] ADD MEMBER [test5]'')
Can someone please explain why is that?
EXECUTE('string sql statement') AT "hostname\domain" == the 'string sql statement' is a pass-through command executed at the linked server "hostname/domain".
Has someone created a loop-back linked server (a linked server that points to the sql instance itself)?
Linked servers have their own security configuration/settings. If the security of the linked server is configured (for any login) to be made under the security context of a privileged login(eg. sa) then exec('') at linkedserver will be executed with way more/elevated permissions (than expected). This is a major security issue/hole.
Check the security of the linked server and change accordingly (and do you really need a loopback linked server?)
I have been able to set up an active directory login for my Azure database.
Now I want to add additional active directory logins and set their permissions
I understand that I need to use Management Studio to do this and have installed SSMS v17.8.1
I have been studying docs but I can't find the instructions
[Update]
After reading Conor's answer I was able to create the user
CREATE USER [jobuser#mydomain] FROM EXTERNAL PROVIDER WITH DEFAULT_SCHEMA=[dbo]
However if I try to login using MSSMS with Active Directory - Password authentication I get
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON' (MIcrosoft SQL Server, Error 18456)
[Update]
In the Connection Properties Tab
I had to overtype with the database name
That particular page only shows an example using a SQL login/user, so I can understand why you are confused.
Please read through this page:
https://learn.microsoft.com/en-us/sql/t-sql/statements/create-user-transact-sql?view=sql-server-2017
Specifically, you want to create a user using the AS EXTERNAL PROVIDER example. This tells SQL Azure (and SQL DW) to use Azure Active Directory instead of creating a SQL user. Please note that this does not (as of today) work in SQL Server. (SQL Server supports integrated authentication against a local Active Directory, but it just does not currently support the Azure Active Directory service).
Also, there is no specific requirement that you use SSMS to do this step. You can do it within SSMS, SQL Operation Studio, through one of the SQL client drivers in a program you write (or some third party program that can invoke SQL over them), sqlcmd, etc. You don't even need to have the latest SSMS to make things work (though it is recommend to get the best experience against SQL Azure including syntax highlighting).
Please give that a try and see if it gets you unblocked.
Best of Luck!
I am going to start work on new Desktop application. There is I want to use light weight and standalone database so that I am going use SQL LocalDB but I want to add authentication. There I need username and password before accessing database but authentication not applied there please help me how can I do it.
If we cannot add username add password in SQL LocalDB then please suggest me any another database that will best for me and also I can use entity framework with that.
Thanks in advance
To add your new DB user to your MSSQLLocalDB you need to connect to it and execute this:
CREATE LOGIN your_user WITH PASSWORD = 'your_password';
CREATE USER your_user FOR LOGIN your_user;
EXEC sp_addrolemember 'db_owner', 'your_user'
Then you will be able to connect to MSSQLLocalDB database engine with SQL Server Authentication using these credentials.
Server name: (LocalDB)\MSSQLLocalDB
Authentication: SQL Server Authentication
User: your_user
Password: your_password
Or you can use instance pipe name instead of (LocalDB)\MSSQLLocalDB as a Server name (see below where to get it).
Initial connection to your local DB from SQL Server Management Studio (SSMS)
Initially to run the SQL command above you need to connect to your MSSQLLocalDB with Windows Authentication. You can do it in two ways (try the second if the first one won't work by default).
Using instance name
Server name: (LocalDB)\MSSQLLocalDB
Authentication: Windows Authentication
Using instance pipe name
From the command line go to C:\Program Files\Microsoft SQL Server\130\Tools\Binn\ (you might need to use other versions and replace \130\ with your folder name) and run SqlLocalDB.exe to find the local DB instances you have:
SqlLocalDB.exe i
Make sure you have MSSQLLocalDB listed. Then run this command to see the MSSQLLocalDB status (the first line) and start if it's stopped (the second line):
SqlLocalDB.exe i MSSQLLocalDB
SqlLocalDB.exe start MSSQLLocalDB
Then you can execute SqlLocalDB.exe i MSSQLLocalDB again to see the the instance pipe name. Something like this np:\\.\pipe\LOCALDB#D7900618\tsql\query
To connect in SSMS you need to enter:
Server name: np:\\.\pipe\LOCALDB#D7900618\tsql\query
Authentication: Windows Authentication
just want to add you need sysadmin role so you can create databases
using this code
ALTER SERVER ROLE sysadmin ADD MEMBER your_user;
GO
use this :
SqlConnection con = new SqlConnection("Server= localhost, Authentication=Windows Authentication, Database= employeedetails");
con.Open();
if you want sql server authentication than read this :
http://msdn.microsoft.com/en-us/library/ms162132.aspx
I'm trying to create a database on my local machine using SSMS version 11.0.2100.60. I've run the application as administrator, logged in using Windows authentication, and I've added MYDOMAIN\my-username to the Logins. However if I try to create a db with this login I get the message
CREATE DATABASE permission denied in database 'master'.
(Microsoft SQL Server, Error: 262)
If I try to add the privelage dbcreator to my user, I get the following error.
User does not have permission to perform this action.
(Microsoft SQL Server, Error: 15247)
I can't log in as sa as I don't know/remember the password (is there a preset default?), and if I try to change the password I get the message:
Cannot alter the login 'sa', because it does not exist or you do not have permission.
(Microsoft SQL Server, Error: 15151)
Finally I note that the account 'sa' is disabled, and if I try to enable it I get the same error as before. Is there any way around this or do I need to re-install?
Version info:
Microsoft SQL Server Management Studio 11.0.2100.60
Microsoft Analysis Services Client Tools 11.0.2100.60
Microsoft Data Access Components (MDAC) 6.2.9200.16384
Microsoft MSXML 3.0 4.0 6.0
Microsoft Internet Explorer 9.10.9200.16635
Microsoft .NET Framework 4.0.30319.18051
Operating System 6.2.9200
I found the answer here:
In order to start SQL Server in single-user mode, you can add the
parameter “-m” at the command line. You can also use the SQL Server
Configuration Manager tool, which provides proper controls for the
file access and other privileges. To use the Configuration Manager
tool to recover your system, use the following steps:
Open the Configuration Manager tool from the "SQL Server 2005| Configuration" menu
Stop the SQL Server Instance you need to recover
Navigate to the “Advanced” tab, and in the Properties text box add “;–m” to the end of the list in the “Startup parameters” option
Click the “OK” button and restart the SQL Server Instance
A little more specific :
Open Sql Configuration Manager.
Select SQL Server Services.
On the right hand side, select the instance.
Right click on it and open properties.
In the advanced tab attach ";-m" at the end of the Startup Parameters field.
Apply and restart the service.
Now you have privilege to enable "sa" user and modify its password.
once done, remove ";-m" and restart the service.
You are good to go.
I'd like to point out an alternative answer laid out on DBA SE. Download PSExec onto the box that is having the problem and follow the instructions laid out in this blog post to effortlessly change admin settings using the NT Authority\System account.
./psexec -s -i "C:\...\Ssms.exe"
Wanted to share this solution as it solved my problem!
I'm creating new login in SQL Server 2008 with following sql script:
CREATE LOGIN [xyz] WITH PASSWORD='xyz',
DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english],
CHECK_EXPIRATION=OFF, CHECK_POLICY=OFF
It creates new login successfully. But when I try to login with it using SQL Server Management Studio it fails saying:
A connection was successfully established with the server, but then an error occurred during the login process. (provider: Shared Memory Provider, error: 0 - No process is on the other end of the pipe.) (Microsoft SQL Server, Error: 233)
What's wrong? How do I solve this issue?
Here is how I done it, maybe it works for you too.
login Microsoft SQL Server 2012 with windows authentication.
right-click onto the server name in Object Explorer and click Properties
In the new tab click Security
select SQL Server and Windows Authentication
Ok
Close the SQL server management studio.
start+run
write services.msc
search for SQL there and restart all services.
that works for me.
It's also possible that you're trying to use SQL Server Authentication without having enabled it. To fix this, right-click Properties on your server instance in SQL Server Management Studio, and update the security settings to include "SQL Server and Windows Authentication mode".
Looks like you're trying to connect using named pipes, but SQL Server is not listening on that protocol. See MSDN.
The two fixes MSDN suggests are:
Connect using TCP/IP, or use the SQL
Server Configuration Manager to
enable remote connections using named
pipes.
Using SQL Server Configuration
Manager on the client computer, move
TCP before named pipes in the
protocol order list.
I had a similar issue:
1. log in as the master user or windows authenticated user.
2. right click on the database --> properties --> security -->
3. change Windows Authentication mode to "SQL server and windows authentication mode" by clicking on the radio button. (if it is not)
4. restart the server
I had the same issue when i first setup SQL Server 2014 on my local machine.
In my case the solution was to set a correct defualt database.
Login with Administrator in SQL Server
Go to Securities >> Logins >> select your user name and go to properties
From Status >> uncheck user account lock check box
Change password for the user
Restart the sql server and login with your username.
I was facing the same error.
I've resolved the error by following below mentioned steps:
Disable named pipes and restart sql services.
After restart sql server I enabled names pipes and did a sql server restart again (Link for Step 1 and 2)
Connect to SQL server via studio.
Right click on SQL instance --> Properties --> Connections --> "Set the Maximum number of 5. concurrent connections to '0' ".
Save the change.
Restart the SQL server if possible. (Link for step 3 to 6)
I hope this will help someone
This is might not be a connection issue . Check your default database and if that is online . More commonly this issues seen when the default database will be offline or not exists . If your default database other than master ,better check this option.
I got a way to go around the problem.
Open one instance and login using the windows authentication
allow sql and windows auth both by right cliking on the db server.
Open second instance and login using sql authentication.
bingo the sql authenticated instance open .. :)
Actually in this way we cheat the sql authenticated instance as it tries to find an already running instance.. worked fr me.. good luck
I tried most of the solution but was not able to solve it until I found this URL which says to do the following:
Open SQL Server Management Studio and run the these queries:
sp_configure 'show advanced options', 1;
go
reconfigure
go
sp_configure 'user connections', 0
go
reconfigure
go
The reason why we got this error is that the user connections was reset to 1, so only one user was able to connect with the SQL server.
just a simple query worked for. I hope this will work for others as well.
I have not used the script style, but login through GUI I encountered the same error code. I had entered wrong user name and this is why I was getting the Sql Server, Error: 233. In order to resolve this, you should input the following information:
Server Name: MachineName\SQLEXPRESS
Authentication: SqlServer Authentication
User Name: Assigned user-name or simply sa
Password: xyzpqr
NOTE: Here I have wrote above data for demo purpose only, actual data is your machine & software's properties.
According to: https://msdn.microsoft.com/en-us/library/bb326280.aspx
Go to --> Remot setting
Go to "Remote" tab
in "Remote Assistance", Tick "Allow Remote Assistance connection to this computer", Click the "Advance" button and tick the "Allow..." and in the "Invitation" set the "30 days"
Then in the "Remote Desktop" part
Just tick "Allow remote connection to this computer"
After following the examples here and still not getting in, I found that my sa login was disabled. The following got me in:
Logged back in under windows authentication.
Expanded Security Tab
Expanded Logins Tab
Right-clicked sa and selected Properties
Went to the Status Tab
Under Login: Clicked 'Enabled' radio
Restarted Server and logged in as sa.
This assumes you have set sa password already using
ALTER LOGIN sa WITH PASSWORD = '<enterStrongPasswordHere>' ;
"A connection was successfully established with the server, but then an error occurred during the login process."
I was getting this problem from sqllocaldb when used from within Docker. The problem was the Docker image was not allocated enough memory. Increasing the memory actually fixed the problem.