I am trying to connect to a remote database with SQL authentication, from an application running as “local admin” on another machine.
I have an SQL database on one machine.
I have mixed mode authentication.
I have an application that launches on another machine, which runs as “local admin”, which means it has to connect to the database with SQL authentication.
As far I know, the application cannot run as anything other than a “local admin” account because it is launched remotely using WMI. I do not want to require as service running on the machine in order to launch the application.
But it can only connect to the database if I give the SQL account “sysadmin” rights on the “server”, so that the “local admin” account can login to the database.
Is there a way to allow an application running as “local admin” to login to the database without being “sysadmin”?
the database already had an account of the same name, which was "SQL account without login" so I had to remove it, so when I added the account to the server, it would recreate it in the database with login.
Related
In SSMS, I'm trying to use the "Deploy Database to SQL Azure Database" utility.
I'm moving a small local database in SQL Server 2012 to Azure for hosting. But after entering the host database server connection parameters I always get a "Login Failed for user,...." error, referencing the name of the local database to be created on the server.
Why this would fail is unclear, since the database does not exist on the cloud server yet. Here is what I have done:
Set up a firewall exception for my local IP address.
Confirmed my server administrator user name and password
So now I am left guessing... Locally I use Windows Authentication. If a database is to be moved to the server, does it have to have SQL Server authentication, as is required on Azure host?
You need to have the SQL server Authentication enabled in order to be able to login to your database when you move it to Azure.
Once, you login through SQL server authentication, you can create your users then and have different logins for different users.
Hope this helps!
Could somebody explain how you can have different databases/security when connecting in via Windows Authentication from when someone connects via SQL authentication?
I have a customer who had to put a computer onto their network. When they did this, the computer name changed. When connecting into SQL it now has a different server name.
The thing is if I connect using a SQL username and password, I get the databases that were installed before. However If I connect using windows authentication, I do not get the database.
I would like to know what needs to be changed in order for windows authentication to see the same as a user logging in via SQL authentication.
How can I go about changing the permissions of windows authentication?
Within SQL Server, there are Logins (at the server level) and Users (at the database level). Your SQL Server login obviously has permission to the database(s) you want to see. The logins can also be windows users and/or groups. So, if you add a named windows user as a server login, you can extend that login as users in different databases. You can do the same thing with a group. So, you could have a single login to your sql server that represents all authenticated users in your domain, etc...
So, I think you need to get into SSMS (SQL Server Management Studio) and see what logins and users are defined on your SQL Server.
Suppose my web application runs on a Windows server. It is hosted inside Tomcat, which runs as Windows service under the account LocalSystem. It accesses a Microsoft SQL Server on a remote Windows server. I would like to for the web application to authenticate to the SQL Server using integrated authentication.
From the answer to a previous question I know that the following sequence of SQL commands would enable integrated authentication if Tomcat were to run under the account <your-domain-name>\A1.
CREATE LOGIN [<your-domain-name>\A1] FROM WINDOWS;
CREATE USER [<your-domain-name>\A1];
GRANT ... ON <object-name> TO [<your-domain-name>\A1];
What is the correct SQL syntax for granting similar rights to the Local Systemaccount on host H1, if it can be done?
Local System identifies as the computer account on the local network. The computer account is identified by the computer name with a $ postfix.
So to create a login for the Local System account from host H1 on domain <your-domain-name> you would need to run the following command:
CREATE LOGIN [<your-domain-name>\H1$] FROM WINDOWS;
After that you may run the following commands to grant authorization to this account:
CREATE USER [<your-domain-name>\H1$] FOR LOGIN [<your-domain-name>\H1$];
GRANT ... ON <object-name> TO [<your-domain-name>\H1$];
What's the permission required to stop/start an SQL Server service?
I just created a login (SQL Authentication, public server role, no special permission, no database mapping) and found I can stop/restart the SQL instance through SSMS with this login. This is not what I want.
SSMS does not restart the service with the login you ue to perform queries with it, it uses the desktop/rdp user.
If you are logged into your desktop as a domain admin or local admin of the server your are connected to, and run SSMS from that desktop, you will be able to restart the SQL service. You can also restart the sql service as that user from the services.msc MMC.
I have a web service that stores data in a local SQL Server 2008 database. If I run the web service under my account the web service can successfully access the database. However, if I use the DefaultAppPool (IUSR) account then accessing the database from the web service fails.
How do I set security on SQL Server to allow access to a specific database via IIS?
The specific error message I am getting is:
Login failed for user 'IIS APPPOOL\DefaultAppPool'
You have two options (obvious maybe!):
Instead of using Windows Integrated
Security use SQL Authentication
instead.
If you can't or don't want to, then you have
to create a new user in SQL Server
that relates to that Windows account.
Or (third option) you can change the web service to run under an account that you know works.
I generally run the app pool under a domain user account, that way you control the specific user for each site on your server.
If I can't use a domain account, I'll run the site as "Network Service" - and the user that would correspond to that in SQL would be the machine account (MACHINENAME$ - replace "machinename" with your IIS server name").
If you plan to use the new IIS7 IIS users - which are not windows users - you'll have to use SQL Authentication instead of Windows authentication for your SQL database access.