How to enable sa login when doing an unattended install of SQL Server 2014 Express? - sql-server

I have an installer that's running the SQL Server 2014 Express installer in unattended mode.
Basically, it's creating a command-line and running the setup.
My problem is that I need to be able to connect to the installed instance as admin using SQL Server authentication.
The command-line already contains /SECURITYMODE=SQL. I can create a SQL login and login successfully, so that part of the problem works fine.
My problem is that while I can see sa in sys.server_principals, it's flagged as is_disabled, and I can't login using it.
Is there a way, when running the SQL Server 2014 install unattended, to pass command line arguments that will have it enable sa so I can successfully login using it?
Or some other login, if that's easier.
What I need is a sql_login that I can use to connect to the database as a db administrator without regard for the permissions of the logged-in Windows user, after having run the installer in unattended mode.
The full commandline args:
/QS /IACCEPTSQLSERVERLICENSETERMS /ACTION=Install /FEATURES=SQL
/INSTANCENAME=SQLEXPRESS /SAPWD="SQLSVCPASSWORD"
If I login to Windows using an admin account, I can connect to the database using Windows authentication. I can then create a normal SQL Server login. With that, I can then login using SQL Server authentication and that account.
So I'm certain the DB is in mixed mode. And this:
Exec xp_instance_regread N'HKEY_LOCAL_MACHINE', N'Software\Microsoft\MSSQLServer\MSSQLServer', N'LoginMode'
returns '2'.
My problem is that I need the users to be able to run the software without being a Windows admin. And part of what the software needs to be able to do is to drop and create databases, within the instance.
So I need SQL admin permissions, without depending upon the Windows user having elevated permissions.
===
The setup tool I'm using is configured using XML files that contain, in them, LUA scripts that build and run the Windows Installer package command lines. Between the nested languages and various levels of escaping, I'd not noticed that the "/SECURITYMODE=SQL" argument was commented out, and not included in the command line.
With it included in the command line, the "sa" user is enabled.
TL;DR If you want the "sa" user enabled, after an install, include "/SECURITYMODE=SQL" on the command line.

You need to specify /SAPWD as well when using /SECURITYMODE=SQL. I am not sure, but if you do not specify the password, it will be disabled by default.
Have a look at this article https://learn.microsoft.com/en-us/sql/database-engine/install-windows/install-sql-server-from-the-command-prompt?view=sql-server-2017 for more information.
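
A post-install check for the situation in this thread, as an added example that is not from the original posts: it reads the authentication mode and the state of sa, then creates a separate SQL login in the dbcreator fixed server role so the application can drop and create databases without using sa. The login name app_dbcreator and its password are placeholders assumed for illustration.

```sql
-- Added example (not from the original thread). Run as a sysadmin after setup.
-- Assumed names: login [app_dbcreator]; the password below is a placeholder.

-- 1. Authentication mode: 0 = mixed mode, 1 = Windows authentication only.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2. State of the built-in sa login. It always has SID 0x01, even if renamed.
SELECT name, is_disabled, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE sid = 0x01;

-- 3. Dedicated SQL login for the application instead of handing it sa.
IF NOT EXISTS (SELECT 1 FROM sys.sql_logins WHERE name = N'app_dbcreator')
BEGIN
    CREATE LOGIN [app_dbcreator]
        WITH PASSWORD = N'Replace-With-A-Generated-Secret-1!',  -- placeholder
             CHECK_POLICY = ON,
             DEFAULT_DATABASE = [master];
END;

-- dbcreator members can create, alter, drop and restore any database on the
-- instance, which covers the requirement without granting sysadmin.
-- (ALTER SERVER ROLE ... ADD MEMBER needs SQL Server 2012 or later.)
ALTER SERVER ROLE [dbcreator] ADD MEMBER [app_dbcreator];

-- 4. Confirm the login has dbcreator and has not ended up in sysadmin.
SELECT IS_SRVROLEMEMBER('dbcreator', 'app_dbcreator') AS in_dbcreator,  -- expect 1
       IS_SRVROLEMEMBER('sysadmin',  'app_dbcreator') AS in_sysadmin;   -- expect 0
```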

Related

Select a different user while connecting to SQL Server with Windows Authentication

I'm trying to connect to SQL Server by using Windows Authentication with Microsoft SQL Server Management Studio. I have several users created on the machine that runs SQL Server.
The login dialog box won't allow selecting other users, except the one that is logged in for the current Windows session.
How can I log into Management Studio as a different user?
A way of impersonation proven by many years: a shortcut or .bat file to run SSMS:
runas.exe /noprofile /netonly /user:YourDomain\YourAccount ssms
The drawback: the password of the AD user has to be entered every time you hit that shortcut.
If you have a few versions of Management Studio, just replace ssms with the full path to the required executable.
When SSMS is started then connect to a remote server using windows authentication.
Another way is to impersonate that user after you made a login using your credentials:
USE master
EXECUTE AS LOGIN='Domain\AnotherUser'
SELECT SYSTEM_USER
However, this will require your account to have IMPERSONATE or SysAdmin permissions. Impersonation can be granted by:
GRANT IMPERSONATE ANY LOGIN TO [Domain\YourAdAccount]
Right-click the SSMS icon, hold Shift, then right-click Microsoft SQL Server Management Studio with the year of the version you have installed and select Run as Different User. You will be prompted for Windows login credentials that will be used in Windows authentication in SSMS. You can use another Windows account here and then use SSMS as you typically would without making any additional changes.
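
The EXECUTE AS LOGIN approach from the answer above, as an added example that is not part of the original posts: it scopes the grant to a single login instead of IMPERSONATE ANY LOGIN, reverts the context when done, and lists who currently holds impersonation rights. The account names are the placeholders already used in the answer.

```sql
-- Added example (not from the original thread).
-- [Domain\AnotherUser] and [Domain\YourAdAccount] are the answer's placeholders.
USE master;

-- Run as a sysadmin: allow impersonation of one specific login only,
-- rather than every login on the server.
GRANT IMPERSONATE ON LOGIN::[Domain\AnotherUser] TO [Domain\YourAdAccount];

-- Run as the grantee (or a sysadmin): switch context, check it, switch back.
EXECUTE AS LOGIN = N'Domain\AnotherUser';
SELECT SYSTEM_USER      AS effective_login,   -- the impersonated login
       ORIGINAL_LOGIN() AS original_login;    -- the login that actually connected
REVERT;
SELECT SYSTEM_USER AS effective_login_after_revert;

-- Audit: which principals may impersonate, and whom.
-- class 101 = server principal; major_id is then the target's principal_id.
SELECT grantee.name       AS grantee,
       p.permission_name,
       p.state_desc,
       target.name        AS impersonated_login  -- NULL for IMPERSONATE ANY LOGIN
FROM sys.server_permissions AS p
JOIN sys.server_principals AS grantee
     ON grantee.principal_id = p.grantee_principal_id
LEFT JOIN sys.server_principals AS target
     ON p.class = 101 AND target.principal_id = p.major_id
WHERE p.permission_name IN (N'IMPERSONATE', N'IMPERSONATE ANY LOGIN')
ORDER BY grantee.name;
```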

Get SQL Server database server address

I am installing an app and I am at the point where I am supposed to provide the server details. I installed SQL Server Express and I also installed SQL Server Management Studio.
This is the screenshot:
I did execute this command
select @@servername
but I got this response:
I am running this on my local machine. How can I find the database server address and also the server password?
PS: I do not remember setting any password when installing SQL Server.
Thanks.
When you executed the command select @@servername, how were you connected to the server? Running that command required knowing the servername and authentication of some kind. I'm guessing you were connected to DESKTOP-KOJLCIF\SQLEXPRESS or .\SQLEXPRESS using windows authentication.
When you installed SQL Express, there was an option for Windows Authentication or SQL Server + Windows (aka Mixed Mode) Authentication. If you chose Windows Authentication (which is the default if I recall), you will not have SQL Server usernames or passwords.
The app you are installing appears to require SQL Auth, so you need to pick Mixed Mode in your setup (which allows both Windows Auth and SQL Auth). You can find this setting in recent versions of SQL Server Management Studio by right-clicking your database server in object explorer, going to Properties, and then looking at the Security page. Older versions of SQL require going to another tool included in the installation folders-- server configuration or some such, the name escapes me. Change the authentication to "SQL Server and Windows Authentication mode". I believe a SQL Server restart is required after doing this.
You can then create SQL logins with usernames and passwords and appropriate permissions using the GUI in SSMS (expand security folder under your server and look at the logins sub folder) or via CREATE LOGIN T-SQL command.
There is a fixed sql login called 'sa' that will always exist if SQL Auth is enabled. You could right click this login, go to properties, and change the password. Be careful giving out your sa credentials to an app, as that can control the entire server.

User Lockout in SQL Server [duplicate]

How on earth do you reset the sa password? I know how to go into the dialogs and reset a password. That's not what I'm asking about. It runs a little deeper than just click, click, new password, done!
I have no idea what the SA password is. Nor does the previous user of this machine. The previous user says he never had SQL Express ever running on this machine.
This journey started when I tried to create a new database and was told I didn't have permissions to do so. Okay, I decided to just give myself the appropriate permissions. Nope, I can't give myself nor anyone else permissions.
I tried changing the password using SSMS. I get a message saying I don't have permissions to change it.
I tried using the following SQL script. Again, no permissions.
GO
ALTER LOGIN [sa] WITH DEFAULT_DATABASE=[master]
GO
USE [master]
GO
ALTER LOGIN [sa] WITH PASSWORD=N'NewPassword' MUST_CHANGE
GO
The database is SQL Server 2008 Express (10.0.2531.0).
SQL Server Management Studio is SSMS 2008.
OS is Windows 7 Enterprise
I'm a local admin, and a domain user. I created a local admin account for logging into SSMS
Machine is on a domain.
I have no problems connecting to our network database servers.
Any suggestions? This could be a simple fix. Thanks...
This should help: start SQL Server in single-user mode. This will allow local administrators to connect as a sysadmin fixed server role. A detailed description of how to do this can be found here.
People can also try to change the password this way with the SP below:
EXEC sp_password NULL, 'yourpassword', 'sa'
Hope this may help others. Thanks.
You could use the Reset-DbaAdmin PowerShell cmdlet from https://dbatools.io.
This function allows administrators to regain access to local or remote SQL Servers by either resetting the sa password, adding sysadmin role to existing login, or adding a new login (SQL or Windows) and granting it sysadmin privileges.
This is accomplished by stopping the SQL services or SQL Clustered Resource Group, then restarting SQL via the command-line using the /mReset-DbaAdmin parameter which starts the server in Single-User mode, and only allows this script to connect.
Using Reset-DbaAdmin will restart your SQL Server.
Reset-DbaAdmin -SqlServer sqlcluster
The simplest method I've found so far is to run SQL Server Management Studio / SQL Express under the SYSTEM context with Sysinternals PSEXEC app. After installing (copying psexec.exe to your computer, running it and accepting the EULA), you can type the following to invoke a system-context instance:
psexec -s -i <path to ssms.exe/sqlservr.exe>
You can use the GUI and don't require single-user mode to effect changes. I had problems with an unknown client tying up the single-user connection and this saved me.

How to use Windows Authentication with SSMS without using RunAs?

I have SQL Server 2012 installed as a standalone instance in Windows 8 Enterprise edition. It is running in Mixed-mode. The currently logged in account is a member of local MACHINE\Administrators and the local BUILTIN\Administrators group is in the sysadmin role. For good measure, the current user is also in a MACHINE\SQLAdmins group which is also in the sysadmin role.
When I launch SQL Server Management Studio (SSMS) from the shortcut, I can't use Windows Authentication. I get the following error:
TITLE: Connect to Server
Cannot connect to INSTANCENAME.
ADDITIONAL INFORMATION:
Login failed for user 'MACHINE\user'. (Microsoft SQL Server, Error: 18456)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476
In fact, if I launch LinqPad from a shortcut, I can't connect to the server using a connection string which relies on Windows Authentication.
However, if I run SSMS or LinqPad with elevated privileges using RunAs Administrator, I can use Windows Authentication and the experience is as expected.
Alternatively, I can include the RunAs command into the SSMS shortcut like so.
C:\Windows\System32\runas.exe /USER:MACHINE\user "C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe"
Surprisingly, double-clicking the shortcut will prompt for me to enter the password of the current user. However, once that re-authentication occurs, SSMS will allow Windows Authentication of the current user.
The question is, what user is SSMS running under when I double click the shortcut and ultimately, how can I just run LinqPad or SSMS or any other app that connects to the database with Windows Authentication without first elevating my privileges?
Are you by any chance supplying the credentials of the user who installed SQL Server when you use Run as?
See the second answer on this SO question:
In previous versions of SQL the BUILTIN\Administrators group was given
the sysadmin role. Local administrators are not given login privileges
by default in SQL 2008. Only the user performing the install is
defaulted sa privileges. During install you have the option to add
additional users, but you apparently did not.
You will need to login as sa and configure whatever windows logins are
required (such as the local administrator account).
I had the same thing happen, where my user account was a local admin, and yet unable to login until the guy who installed SQL Server added my windows account to the SQL Server logins manually.

I used Windows Authentication on SQL Server and now I reinstalled new Windows, and cannot access my database(mdf files)

What should I do? I could disable UAC to access the database. Is there a way I could copy my database but strip the account control information attached to it? Many thanks.
Read this article for possible options. Excerpt: "After the SQL Server Instance starts in single-user mode, the Windows Administrator account is able to connect to SQL Server using the sqlcmd utility using Windows authentication. You can use Transact-SQL commands such as "sp_addsrvrolemember" to add an existing login (or a newly created one) to the sysadmin server role."
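
The recovery step this excerpt and the single-user-mode answers above describe, as an added example that is not from the original posts: once connected through sqlcmd with Windows authentication while the instance is in single-user mode, add the Windows account to sysadmin and then review everyone who holds that role. The account name MACHINE\user is a placeholder.

```sql
-- Added example (not from the original threads).
-- Run in sqlcmd with Windows authentication while the instance is started in
-- single-user mode. [MACHINE\user] is a placeholder for the Windows account
-- that should regain administrative access.

IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'MACHINE\user')
    CREATE LOGIN [MACHINE\user] FROM WINDOWS;

-- sp_addsrvrolemember is the procedure named in the excerpt; it also works on
-- SQL Server 2008, where ALTER SERVER ROLE ... ADD MEMBER is not available.
EXEC sp_addsrvrolemember @loginame = N'MACHINE\user', @rolename = N'sysadmin';

-- Before returning the instance to normal multi-user operation, review every
-- member of sysadmin so that unexpected or stale accounts are noticed.
SELECT m.name,
       m.type_desc,      -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP, ...
       m.is_disabled,
       m.create_date,
       m.modify_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.create_date;
```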
