Set pssword for .mdf file in sqlserver.
When you attach a file to someone, I want to ask him the password. In both cases, windows authorization and sqlserver authorization.
You can encrypt a database using tde which will prevent anyone from attaching an mdf file to another instance. It uses certificates and as usual simple talk has a great article as to how to use it and how it works. If someone has the correct certificate they can attach it.
Related
Having an issue getting a SQL Server linked server to Oracle working while using a tnsnames.ora file on a network share.
If I copy the tnsnames.ora file to the local server, the linked servers work fine. However, we keep the file on a network share. My sql service accounts have read access to the share. I configure TNS_ADMIN system variable to the network share, the linked servers no longer work. I get ora-12154: could not resolve the connect identifier specified. tnsping and sqlplus work on the server. When I use process monitor to investigate further, I see:
Operation: createFile
Result: ACCESS DENIED
...
Impersonating: domain\MyLogin
This seems like an issue, but is maybe a false positive? If a process is trying to impersonate my account and access a remote resource it will fail since we don't have Kerberos configured to handle double-hop.
SQLPlus and TNSPing work just fine with the network share configured.
I've looked at this post and tried the items that seemed relevant, but had no success.
Additional Info:
sqlnet.ora has this:
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
I am able to open a file browser as a service account and open the tnsnames file.
I had this same issue while trying to connect a oracle 10g database via my WCF serivce developed in .NET 4.0 framework.
I was having multiple instances of ORACLE installed in my system. So, I modified the ORACLE_HOME to point to the Oracle 10g and it worked.
Also check the following:
Your service name might have an alias, so Make sure that your listener is listening for the same service name that you are using and check for both local and global entries. Check:
$ORACLE_HOME/network/admin/tnsnames.ora
Check your global_name setting with this SQL:
select * from global_name;
Also, Please make sure you add the Key TNS_ADMIN in the registry and create a enviroinment variable with name TNS_ADMIN
Regedit->HKEY_LOCAL_MACHINE->Software->Oracle->RightClick NEW->StringValue and name
Specify the correct path where the oracle is installed for Example
X:oracleproduct32bit10.0.1.0.0NETWORKADMIN
Edit
The below video also looks quite helpful. Please check.
https://www.youtube.com/watch?v=Sec8WG8gQPg
As an Oracle DBA I sometimes have to work with Windows. Maybe you can adopt from my experiences with Oracle on Windows.
Scenario:
An Oracle DB runs under a domain user. I want to restore a database from a backup which is located on a Windows share (sounds like "read" but it obviously isn't). I (or let's say the windows team) did not manage to find the proper way to grant the required permissions.
After many tries, the admins grant "everything" to the entire Oracle server.
Even though the Oracle process runs in a user context we did not find a set of permissions for the user only. Only the permissions for the entire server enabled the restore process to access the data.
From security point of view this is a horrible solution! But maybe it will help you to come closer to a solution (and if so, please share :-)).
I am trying to do single query to a dbf(FoxPro 9) file through
SqlServer, the problem is that this files are located in another domain, so i configured a LinkedServer with a valid remote user and a remote password in the security page of the linked server, and when i try to execute the query i get the error:"Invalid path or file name", but if i open the Windows explorer and go to the location of the dbf files, then i close the explorer and launch again the query, now Works fine, i don't know why, Any idea?
It wouldn't work, if you need to connect using a username and password. If the remote location allows connecting without a username and password then it would work, that is why it works after you manually make the connection. Use a mapped drive as a workaround. OTOH linked server to VFP is not much of a value, I doubt it is worth it.
If authorization is correct it may be a problem with mapped drives. The query is executed on the server so that machine needs to have access. Have you tried windows explorer on the server? Have you tried a UNC path?
I am using an accounting software named BusyWin for almost an year. I set up an admin password in the software. It created two password protected mdb files for storing records. Somehow my database got corrupted(the busywin is giving the error saying it is corrupted; access is just asking for the password), now I am unable to open the same with the busywin software. I also tried to open the mdb file using access but it looks like the password is not same as the one used in BusyWin.
I contacted the developers of BusyWin and they agreed to repair the file for some amount but they are asking me to send the mdb files to their office. The data I have is highly confidential and I cant trust anyone with that.
Please let me know if there is any way to either recover the file or to derive the password from the admin password I have.
Here is the solution, i use this long many year ago. Please follow the some steps:-
First of all backup of your mdb file to other location.
Now click on your backuped mdb file.
It asking for password, enter the password : ILoveMyINDIA
File open in MS-Access check the table for USERS & ADMIN
Now close the file without saving.
reply me: moryasanjay#gmail.com
For SQL Server 2008 Developer Edition on Vista 64 bit:
I tried copying a database using a Vista admin account using the attach/detach method and it failed due to a file permission error so I gave the user that sql services are running as write and modify to the directory. The copy didn't work. I then gave it full control. The copy worked.
Does that make sense?
If I revoke full control from the user, will that cause problems?
The weird thing is that in an existing working database with files in a different directory, there are no special permissions on the directory and files for the database, so why does a copy require full control?
When you detach a DB, the MDF/LDF files may be set with more restricted perms than you expect, like exclusive to the principal that did the detach - maybe the SQL Server service account or the domain account of the user that performed the detach. I have in the past had to manually add back permissions on the files' Properties > Security tab for other users, or else the files act as if they are locked. See also http://www.onupdatecascade.com/2009/07/sql-server-locks-mdf-and-ldf-files-upon.html
also: http://msdn.microsoft.com/en-us/library/ms189128.aspx
( thanks GrumpyOldDBA )
If the server and/or data you are working on does not require those restrictive permissions to be set, you can set a startup flag in SQL Server that will override this function. I understand what Microsoft is going for with this - they assume if you detach a DB they don't want just anyone to walk away with the file; however, I think keeping a good hacker from doing that is easier said than done, and encrypting the DB is the best method for safeguarding data.
Anyway, there is a "Trace Flag 1802" which is oddly named, since it's nothing to do with tracing. You'll want to add it to your SQL startup in SQL Configuration Manager if you want to keep this behavior.
https://support.microsoft.com/en-us/kb/922804
I myself had the same issue and found the answer in StackExchange:
https://dba.stackexchange.com/a/77683/11001
CREATE DATABASE permission denied in database 'master'.
An attempt to attach an auto-named database for file
C:\Documents and Settings\..\App_Data\HelloWorld.mdf failed.
A database with the same name exists, or specified file cannot be
opened, or it is located on UNC share.
I've found these links:
http://blog.benhall.me.uk/2008/03/sql-server-and-vista-create-database.html
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=702726&SiteID=1
Generally the user that you are using to run the SQL Server service will not have access to your personal user folders, that is why you're getting the error. You either need to change the credentials used for the service, or move the database to another folder, which did the trick in your case.
For me helped a lot to set this tag under system.web tag on the web.config file:
<system.web>
<identity impersonate="true" userName="admin_user" password="admin_password" />
...
Hope this can help somebody
I was stuck on this today with compound issue in mvc3 and entity framework code first.
My SqlExpress install is messed up (permissions issues) so I switched to SqlCE.
My ConnectionString.Name attribute didn't match my "ProjectNameContext" class name.
When the connection string isn't found, it uses default conventions. Default conventions means my SqlExpress service with a database name like "ProjectNameContext". The permissions are messed up on that so I got a permissions error on SqlExpress when I thought I was using SqlSE
I was also experiencing the same Problem, finally i find Solution-
SOLUTION -- Is simple Move or Cut your database from the App_Data folder to any where (e.g., Desktop) then Move or Cut back DataBase to App_Data folder.
That is it..........
Hope it work!
Yes, a previous attachment wasn't unattached properly, or it was attached manually. Go in to Management Studio connect to the database, and disconnect the long database name that looks like a file path. Then try again it should work.
My friend fixed it by just using another directory, namely C:\TEMP. I think it was just a permissions thing.
for some guys like me,add "User Instance=true" to your connection string