SQL Server Performance

windows authentication SQL

Discussion in 'General DBA Questions' started by TRACEYSQL, May 23, 2006.

  1. TRACEYSQL New Member

    Im new to this company and now getting involved in the SQL Security.

    A new person comes onboard and he the web person and wanted access to the database.

    So i added security login domainjack and gave him permission for one databasea only.

    So im on his machine and i bring up query analyzer ...i go to databaseb and could add and delete do what i wanted.

    So i was like how come..

    So i removed his login all together.

    I go back to his machine bring up sql query analyzer and connect using sql query...with windows nt...............again i can delete add...in any database

    How........is that remotely possible.

    Thanks
    TRACEYSQL, May 23, 2006
    #2

  2. Mast_dba New Member

    Is he memeber of any group exist on the database server ? check if he is memeber of Builtinadministrators group or any other group which have acess to database server

    Thanks

    MAST
    ITS IMPOSSIBLE TO DEFEAT A PERSON WHO NEVER GIVE UP.
    Mast_dba, May 23, 2006
    #2

  3. Luis Martin Moderator

    Also check when you create the new account what group is default.


    Luis Martin
    Moderator
    SQL-Server-Performance.com

    Although nature commences with reason and ends in experience it is necessary for us to do the opposite, that is to commence with experience and from this to proceed to investigate the reason.
    Leonardo Da Vinci

    Nunca esperes el reconocimiento de tus hijos, eso ocurrirá luego de tu muerte


    All postings are provided “AS IS” with no warranties for accuracy.



    Luis Martin, May 23, 2006
    #2

  4. TRACEYSQL New Member

    On network active directory i can't see the Builtinadministrators group
    TRACEYSQL, May 23, 2006
    #2

  5. cmdr_skywalker New Member

    use the "net user <username> /domain" to identify his OS group associated with SQL Server. By the way, what permission did you gave him? When you say web person, web developer or web admin? If he is a web developer, he may need to create database objects, so you have to consider that. Better yet, assign a different database server for development/testing.

    May the Almighty God bless us all!
    www.empoweredinformation.com
    cmdr_skywalker, May 23, 2006
    #2

  6. johnson_ef Member

    hi,

    pls go to the Enterprise Manager->Server->Security-> Logins

    there you can see the "BuiltinAdministrator"

    If you are in the Locl Admin right for the system, he gets the Sysadmin right for the server once he got into the Database server.

    Try to change the Authentication into "Deny Access" and try to do the activity.

    Secondly, when you created the user, did you assign any "Server Roles"?

    -Johnson
    johnson_ef, May 23, 2006
    #2

  7. TRACEYSQL New Member

    We have the servers.
    Then on the clients installed SQL i did sql registration but did it for his NT login.

    Then did sql analyzer and connect using NT login.
    He gets all.

    Sorry i was looking for builtinadmin on active directory.

    Yes we have the builtinadmin

    If you are in the Locl Admin right for the system, he gets the Sysadmin right for the server once he got into the Database server.....what do you mean local admin
    thanks

    he gets sysadmin rights regardless of having his ntlogin set up in security...(which i have deleted)...cause im trying to understand how he gets sysadmin rights.


    TRACEYSQL, May 24, 2006
    #2

Share This Page