I am a sysadmin on the two SQL server machines (obviously not a very good one). I linked the servers by using sp_addlinkedserver. I was successful, and my query ran fine as T-SQL and a stored procedure. I tried to setup my stored procedure to run as a SQL Server Agent job. It was here that it was failing. I tried making a user on both servers the owner, but it was still failing. I did some reading and I wanted to add a mapped user. I ran the following command, not thinking it through, and now my user is messed up. I keep getting permission issues.
EXEC sp_addlinkedsrvlogin
#rmtsrvname = 'servername',
#useself = 'true',
#locallogin = 'null
How do I revert this back? I tried dropping the linked server and logins... my user doesn't have that permission anymore. I can do that as Sa. I can't add the linked server with my user anymore, gotta do that with sa.
Basically, how do I restore my permissions? I'm still sysadmin in both SQL instances.
thanks
So I did figure it out myself. I logged in as SA to perform the following command.
EXEC sp_droplinkedsrvlogin
#rmtsrvname = 'remoteserver',
#locallogin = 'domain\user'
this did the trick, but I did have to close out of all active connections as the domain user, restart SSMS in order for me permissions to get returned.
We are running SQL Server 2014. We want to use a gMSA as the proxy account for xp_cmdshell.
I tried running the following:
EXEC sys.sp_xp_cmdshell_proxy_account 'gmsaNameGoesHere$', ''
However, it expects a password.
I tried running the following:
CREATE CREDENTIAL ##xp_cmdshell_proxy_account## WITH IDENTITY = 'gmsaNameGoesHere$'
It runs! However, when the user tries to run xp_cmdshell via the proxy account, they're told:
Msg 15153, Level 16, State 1, Procedure xp_cmdshell, Line 3 The
xp_cmdshell proxy account information cannot be retrieved or is
invalid. Verify that the '##xp_cmdshell_proxy_account##' credential
exists and contains valid information.
Is it possible to use a gMSA as the proxy account for xp_cmdshell in SQL Server 2014? If so, how do I set it up as the proxy account?
Thanks!
I'm having some trouble with logging in with a newly created SQL User.
I have created a login and user on my SQL Server. I have changed the SQL Authentication mode to mixed and restarted the service.
Each time I try to login it gives me this error:
Login failed for user 'BI_USER'. (Microsoft SQL Server, Error 18456)
Since this error description is pretty minimal I looked in the event viewer of my SQL Machine and this is what I find:
Login failed for user 'BI_USER'. Reason: An attempt to login using SQL authentication failed. Server is configured for Windows authentication only. [CLIENT: x.x.x.x]
This really confused me...I double checked if this is the case but in SSMS I still see that my server is in Mixed mode.
I even checked with a T-SQL statement and this statement returns me that I'm in mixed mode:
DECLARE #AuthenticationMode INT
EXEC master.dbo.xp_instance_regread
N'HKEY_LOCAL_MACHINE'
, N'Software\Microsoft\MSSQLServer\MSSQLServer'
, N'LoginMode'
, #AuthenticationMode OUTPUT
SELECT
CASE #AuthenticationMode
WHEN 1 THEN 'Windows Authentication'
WHEN 2 THEN 'Windows and SQL Server Authentication'
ELSE 'Unknown'
END as [Authentication Mode]
Anyone else has some expierence with this error and how to solve this?
KR,
Kevin
For testing purposes only does authentication pass for user BI_USER if the users SERVER ROLE is edited to give it the sysadmin privilege. If the answer is yes remove the sysadmin privilege and attempt to isolate which privilege is required to authenticate. What OS is SQL 2014 hosted on out of interest ?
I can add a link server with EXEC sp_addlinkedserver, (With no credentials) successfully, however, I need to provide a username and password to a server if the Windows Authentication doesn't work.
So I have tried using
EXEC sp_addlinkedsrvlogin #rmtsrvname='ServerName',
#useself=N'False',
#locallogin=NULL,
#rmtuser='sa',
#rmtpassword='Password'
Which this error appears
Msg 15015, Level 16, State 1, Procedure sp_addlinkedsrvlogin, Line 49
The server 'ServerName' does not exist. Use sp_helpserver to show
available servers
.
I dont understand as looking online, I have understood the two prodcecures to be the same, but sp_addlinkedsrvlogin takes a username and password and then creates the link server. I guess I have this wrong? So if I have, is there a SQL Server Procedure that will do what I want?
Cheers
I have understood the two prodcecures to be the same
Incorrect. sp_addlinkedsrvlogin is documented as:
Creates or updates a mapping between a login on the local instance of SQL Server and a security account on a remote server.
Nowhere is said that it creates a linked server. In fact the very first argument is properly documented as:
#rmtsrvname Is the name of a linked server that the login mapping applies to
You first create the linked server via sp_addlinkedserver, you then add the linked server login via sp_addlinkedsrvlogin.
I want to write a script to create a admin user ( with abcd password ) in SQL Server Express.
Also I want to assign this user admin full rights.
Based on your question, I think that you may be a bit confused about the difference between a User and a Login. A Login is an account on the SQL Server as a whole - someone who is able to log in to the server and who has a password. A User is a Login with access to a specific database.
Creating a Login is easy and must (obviously) be done before creating a User account for the login in a specific database:
CREATE LOGIN NewAdminName WITH PASSWORD = 'ABCD'
GO
Here is how you create a User with db_owner privileges using the Login you just declared:
Use YourDatabase;
GO
IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = N'NewAdminName')
BEGIN
CREATE USER [NewAdminName] FOR LOGIN [NewAdminName]
EXEC sp_addrolemember N'db_owner', N'NewAdminName'
END;
GO
Now, Logins are a bit more fluid than I make it seem above. For example, a Login account is automatically created (in most SQL Server installations) for the Windows Administrator account when the database is installed. In most situations, I just use that when I am administering a database (it has all privileges).
However, if you are going to be accessing the SQL Server from an application, then you will want to set the server up for "Mixed Mode" (both Windows and SQL logins) and create a Login as shown above. You'll then "GRANT" priviliges to that SQL Login based on what is needed for your app. See here for more information.
UPDATE: Aaron points out the use of the sp_addsrvrolemember to assign a prepared role to your login account. This is a good idea - faster and easier than manually granting privileges. If you google it you'll see plenty of links. However, you must still understand the distinction between a login and a user.
Full admin rights for the whole server, or a specific database? I think the others answered for a database, but for the server:
USE [master];
GO
CREATE LOGIN MyNewAdminUser
WITH PASSWORD = N'abcd',
CHECK_POLICY = OFF,
CHECK_EXPIRATION = OFF;
GO
EXEC sp_addsrvrolemember
#loginame = N'MyNewAdminUser',
#rolename = N'sysadmin';
You may need to leave off the CHECK_ parameters depending on what version of SQL Server Express you are using (it is almost always useful to include this information in your question).
You can use:
CREATE LOGIN <login name> WITH PASSWORD = '<password>' ; GO
To create the login (See here for more details).
Then you may need to use:
CREATE USER user_name
To create the user associated with the login for the specific database you want to grant them access too.
(See here for details)
You can also use:
GRANT permission [ ,...n ] ON SCHEMA :: schema_name
To set up the permissions for the schema's that you assigned the users to.
(See here for details)
Two other commands you might find useful are ALTER USER and ALTER LOGIN.
If you want to create a generic script you can do it with an Execute statement with a Replace with your username and database name
Declare #userName as varchar(50);
Declare #defaultDataBaseName as varchar(50);
Declare #LoginCreationScript as varchar(max);
Declare #UserCreationScript as varchar(max);
Declare #TempUserCreationScript as varchar(max);
set #defaultDataBaseName = 'data1';
set #userName = 'domain\userName';
set #LoginCreationScript ='CREATE LOGIN [{userName}]
FROM WINDOWS
WITH DEFAULT_DATABASE ={dataBaseName}'
set #UserCreationScript ='
USE {dataBaseName}
CREATE User [{userName}] for LOGIN [{userName}];
EXEC sp_addrolemember ''db_datareader'', ''{userName}'';
EXEC sp_addrolemember ''db_datawriter'', ''{userName}'';
Grant Execute on Schema :: dbo TO [{userName}];'
/*Login creation*/
set #LoginCreationScript=Replace(Replace(#LoginCreationScript, '{userName}', #userName), '{dataBaseName}', #defaultDataBaseName)
set #UserCreationScript =Replace(#UserCreationScript, '{userName}', #userName)
Execute(#LoginCreationScript)
/*User creation and role assignment*/
set #TempUserCreationScript =Replace(#UserCreationScript, '{dataBaseName}', #defaultDataBaseName)
Execute(#TempUserCreationScript)
set #TempUserCreationScript =Replace(#UserCreationScript, '{dataBaseName}', 'db2')
Execute(#TempUserCreationScript)
set #TempUserCreationScript =Replace(#UserCreationScript, '{dataBaseName}', 'db3')
Execute(#TempUserCreationScript)
CREATE LOGIN AdminLOGIN WITH PASSWORD = 'pass'
GO
Use MyDatabase;
GO
IF NOT EXISTS (SELECT * FROM sys.database_principals WHERE name = N'AdminLOGIN')
BEGIN
CREATE USER [AdminLOGIN] FOR LOGIN [AdminLOGIN]
EXEC sp_addrolemember N'db_owner', N'AdminLOGIN'
EXEC master..sp_addsrvrolemember #loginame = N'adminlogin', #rolename = N'sysadmin'
END;
GO
this full help you for network using:
1- Right-click on SQL Server instance at root of Object Explorer, click on Properties
Select Security from the left pane.
2- Select the SQL Server and Windows Authentication mode radio button, and click OK.
3- Right-click on the SQL Server instance, select Restart (alternatively, open up Services and restart the SQL Server service).
4- Close sql server application and reopen it
5- open 'SQL Server Configuration Manager' and tcp enabled for network
6-Double-click the TCP/IP protocol, go to the IP Addresses tab and scroll down to the IPAll section.
7-Specify the 1433 in the TCP Port field (or another port if 1433 is used by another MSSQL Server) and press the OK
8-Open in Sql Server: Security And Login And Right Click on Login Name And Select Peroperties And Select Server Roles And
Checked The Sysadmin And Bulkadmin then Ok.
9-firewall: Open cmd as administrator and type:
netsh firewall set portopening protocol = TCP port = 1433 name = SQLPort mode = ENABLE scope = SUBNET profile = CURRENT
This past week I installed Microsoft SQL Server 2014 Developer Edition on my dev box, and immediately ran into a problem I had never seen before.
I’ve installed various versions of SQL Server countless times, and it is usually a painless procedure. Install the server, run the Management Console, it’s that simple. However, after completing this installation, when I tried to log in to the server using SSMS, I got an error like the one below:
SQL Server login error 18456
“Login failed for user… (Microsoft SQL Server, Error: 18456)”
I’m used to seeing this error if I typed the wrong password when logging in – but that’s only if I’m using mixed mode (Windows and SQL Authentication). In this case, the server was set up with Windows Authentication only, and the user account was my own. I’m still not sure why it didn’t add my user to the SYSADMIN role during setup; perhaps I missed a step and forgot to add it. At any rate, not all hope was lost.
The way to fix this, if you cannot log on with any other account to SQL Server, is to add your network login through a command line interface. For this to work, you need to be an Administrator on Windows for the PC that you’re logged onto.
Stop the MSSQL service.
Open a Command Prompt using Run As Administrator.
Change to the folder that holds the SQL Server EXE file; the default for SQL Server 2014 is “C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn”.
Run the following command: “sqlservr.exe –m”. This will start SQL Server in single-user mode.
While leaving this Command Prompt open, open another one, repeating steps 2 and 3.
In the second Command Prompt window, run “SQLCMD –S Server_Name\Instance_Name”
In this window, run the following lines, pressing Enter after each one:
1
CREATE LOGIN [domainName\loginName] FROM WINDOWS
2
GO
3
SP_ADDSRVROLEMEMBER 'LOGIN_NAME','SYSADMIN'
4
GO
Use CTRL+C to end both processes in the Command Prompt windows; you will be prompted to press Y to end the SQL Server process.
Restart the MSSQL service.
That’s it! You should now be able to log in using your network login.