I need to add a user (\network_service) to a different computer's sql server logins.
How can I do this? I am attempting to search for the account, but it is not finding it.
In SQL Server:
Security >
Right-Click Logins >
Click "Search" >
attempt to find \\<computername>\network_service
attempt to find \\<computername.domainname>\network_service
attempt to find <computername>\network_service
...nothing is working. I am searching under "all locations".
This is to get a dotnetnuke website running with using a separate server for its sql database. Supposedly, I need to add the NETWORK_SERVICE account as a sql server login.
Any ideas?
http://msdn.microsoft.com/en-us/library/ff647402.aspx
Network Service on one computer is Network Service on all; It is a limited-privilege, authenticatable user account common to all Windows NT machines. So, you should be able to simply grant the DB server's Network Service user access to the DB, and then applications, whether local or remote, that are authenticating themselves as Network Services should get the same access.
Related
So what I need is a remote/cloud Windows Server that I can connect to using RDP (or another remote connection program) where I can create users, groups, basically everything I could do with an on-premises Server instance. What I need though is to be able to setup all the office computers to authenticate through the cloud AD. I have no clue how to do this. I cannot have a Server running on-premises, period. Just need something where I can connect each computer to the remote domain/forest, hopefully using an IP to the server, and then have the employees be able to logon to any domain-connected PC using their credentials. Thank you for any and all answers! -Scott
You need Azure Active Directory. You can control everything with remote management in the way you have described. Per the provided link, "Azure Active Directory (Azure AD) provides an easy way for businesses to manage identity and access, both in the cloud and on-premises."
I'm looking at using SQL LocalDB as the client side database which will replace the current SQL CE 3.5 database inside an in-house application developed in .net 4.
I've come across a problem that I'm not sure how to get around and that's with security setup of the LocalDB instance.
If I setup a script inside .net to create a private LocalDB instance, e.g. (localdb)\T1, then create a new database inside that instance plus add a SQL user account + password (non domain account), how do I stop the local windows users (like my own AD account) with admin level privileges from accessing the 'T1' instance + database using SSMS?
I could see a scenario playing out where we deploy the application, then we have some IT savvy user who goes snooping around and decides to install SSMS and connect to (localdb)\T1 with their windows account, which would give him/her full access to the database, which is exactly what I'm trying to stop from happening.
Some of our staff work remotely with no connection to a domain so we give them local admin rights to their pc so they can install software, so even if I could block their assigned windows login name, there would be nothing stopping them from setting up a new local admin account and logging in with that, opening SSMS then accessing the database.
Any pointers on this would be greatly appreciated!
In fact, it shouldn't be so hard. Install SQL Server on client machine using local admin account. To make you life easier, use Mixed Authentication.
After you have your instance installed, local admin account should have sysadmin server role assigned (that's normal security settings). Now, use the following:
Create new SQL Server user and assign sysadmin server role to that account. Close SSMS and log-in using new credentials. Or simply use sa account (not so good practice but in this case it's OK).
Go to "Security - Logins" and remove sysadmin role from local admin. Also, check in user mappings and take all rights "away" from local admin.
As a test, try to log-in as local admin, I guess you won't be able to log-in into server because there is no "home" database for that user. But even if you can log-in, it has only "public" role.
It's up to you to install your database and secure it - assign permission to user of your choice.
Regarding you fear that local admin can install MSSQL again: he/she can install it, but it would be another instance. That instance knows nothing about users in your instance so you should be safe.
You can also consider usage of application roles in SQL server.
This is the thing, I have a server working perfectly allowing LAN connections, now im setting up a second one for maintenance purposes, but for some reasons I can't connect to him using windows authenticacion, but I still can to the first one, or using sql server login but I dont what to, I want to use Windows Authenticacion... I keep getting error message:
login failed for user "the user is not associated with a trusted SQL connection. (microsoft sql server, error:18452)
UPDATE: Both servers are running under Windows 7 (they are not for buissness use) they both are configure exactly equal.
UPDATE 2: I can connect from the same computer but not from a network one.
After few time, I realize the problem was at the layer eight (me), the best way to use windows authentication for SQL server is configuring a domain server, then add those domains users to sql and give them the desired privileges to connect to a database, and that' all it's that simple (at least for me it was) so after that, I created a System DSN Connection using windows authentication.
I've inherited a VB.Net Windows forms application that is used across several hundred remote sites. On the remote sites the application connects locally to a local SQL server instance using the currently logged in Windows user at the workstation - this all works fine.
The application however also needs to connect to a remote SQL server - currently this is done using a set of connection strings and sql authentication. The DBA wants to move away from using SQL server authentication and make everything Windows authentication.
Clearly, adding hundreds of users to the remote DB is not an option. Therefore I need to be able to use the currently logged in user if connecting locally to a local SQL server and a different Windows users (which will have permissions to the db server) if I am connecting remotely.
Does anyone have any suggestions of how this can be done or can suggest an approach.
Thanks
Since both servers are on the same domain, create Active Directory Groups for the application, put the users' Windows logins into the groups, and then give the 2, 3 or 10 or whatever app-specific AD groups permissions in the databases. If you're using stored procedures, create a database role for each AD group, grant the DB role execute permissions, and add the AD groups to the DB roles.
I am a developer-having-to-play-admin and wish to connect to a remote sql server from my development machine using a sql server user ("op_web").
When I try to connect from vs2008 Server Explorer, I can connect to the server, but no databases are listed. If I connect using the server admin user, all databases are listed as expected.
The server is a relatively fresh install made by me.
I have
allowed for remote connections in sql server.
created the login op_web at server level
created a user at database level and assigned to login with same name
assigned roles to the user to allow for reading and writing - I have assigned no schemas and default schema for the user is dbo.
If I log on (locally at server) using sqlserver management studio/sqlserver authentication and the created login, I can display and alter table data as I would expect.
Remote access gives me no choice of databases.
Any pointers to what I might have missed?
You have to give your users rights on the database.