I want to deploy .net application on client machine.I don't know how to protect my database from from windows authentication.
I want to access my database only from defined sqlserver authenticated user.
I am Using sqlserver 2008 R2.
From MSDN discussion:
You cannot disable Windows Authentication on SQL Server. In fact, SQL
Server recognizes two modes of security:
1) Windows Authentication
2) SQL Server AND Windows Authentication
There's a way out, however. Users of the Adminstrators group of
Windows are able to connect to the SQL Server because there's a login
account in SQL Server for it and is assigned the System Administrators
role. You'll need to delete that login. But before you do so, please
be sure that
1) the security mode is set to SQL Server and Windows, and
2) you know the password of SQL Server's sa login Otherwise, you'll render your SQL Server inaccessible!
To do so, follow these steps:
1) Open SQL Server Enterprise Manager
2) Expand the nodes to reveal your SQL Server instance
3) Expand your SQL Server instance node to reveal the various nodes
4) Expand the Security node and click Logins
5) Right-click the BUILTIN\Administraors login and click Delete, click Yes
when prompted for confirmation
Related
I am installing an app and I am at the point where I am supposed to provide the server details. I installed SQL Server Express and I also installed SQL Server Management Studio.
This is the screenshot:
I did execute this command
select ##servername
but I got this response:
I am running this on my local machine. How can I find the database server address and also the server password?.
PS: I do not remember setting any password when installing SQL Server.
Thanks.
When you executed the command select ##servername, how were you connected to the server? Running that command required knowing the servername and authentication of some kind. I'm guessing you were connected to DESKTOP-KOJLCIF\SQLEXPRESS or .\SQLEXPRESS using windows authentication.
When you installed SQL Express, there was an option for Windows Authentication or SQL Server + Windows (aka Mixed Mode) Authentication. If you chose Windows Authentication (which is the default if I recall), you will not have SQL Server usernames or passwords.
The app you are installing appears to required SQL Auth, so you need to pick Mixed Mode in your setup (which allows both Windows Auth and SQL Auth). You can find this setting in recent versions of SQL Server Management Studio by right-clicking your database server in object explorer, going to Properties, and then looking at the Security page. Older versions of SQL require going to another tool included in the installation folders-- server configuration or some such, the name escapes me. Change the authentication to "SQL Server and Windows Authentication mode". I believe a SQL Server restart is required after doing this.
You can then create SQL logins with username and passwords and appropriate permissions using the GUI in SSMS (expand security folder under your server and look at the logins sub folder) or via CREATE LOGIN t-sql command.
There is a fixed sql login called 'sa' that will always exist if SQL Auth is enabled. You could right click this login, go to properties, and change the password. Be careful giving out your sa credentials to an app, as that can control the entire server.
The requirement is to find which OS user logs in to a SQL Server database whenever the login is Windows Authentication or SQL Server authentication. Need to know WHO (AD account on the client PC) used which db account logged into SQL Server with what application.
The problem is I could not get the client's OS username when a SQL Server authentication user logs in.
For example, I used my AD account Domain name on a laptop, laptop123. Domain name is Stackoverflow, username is developer1, started Microsoft SQL Server Management Studio, connected with DB account (SQL Server authentication) ERPAPPUSER. I need to record the domain user Stackoverflow/developer1.
I can easily get the information that user ERPAPPUSER logged in from laptop123 using Microsoft SQL Server Management Studio.
I created a database logon trigger and could get the client username, hostname, logon time, application name and so on, but could not get the client OS username.
CREATE TRIGGER DB_ServerLogon
ON ALL SERVER
WITH EXECUTE AS 'sa'
FOR LOGON
AS
BEGIN
INSERT INTO audit_history.dbo.db_logon_history
SELECT
ORIGINAL_DB_NAME(),
ORIGINAL_LOGIN(),
##SPID,GETDATE(),
HOST_NAME(),
APP_NAME()
END
GO
Many thanks!
-- Added 'WITH EXECUTE AS 'as' ', otherwise for all users who don't have access to the db_logon_history will not be able to login.
Short answer is no, it is not possible.
Long answer, SQL Server supports 2 security modes. These are a) "Windows Authenitcation mode" and b) "Mixed Mode" - which is "SQL Server and Windows Authentication Mode". This second mode means that you can log in with a SQL Server login or a Windows Account. The Windows Account would be the same as in (a) above. Now when you log in with Windows it is a trusted connection, so you have to have the Windows Account/Group authorized to access your SQL Server instance. The connection is authentication against a token which is created when the user logs in to windows. This token is passed to SQL Server and can thus be parsed to return the information that you have described above. However when you log on with SQL Server Mode you are not logging on with a domain account and thus no domain account is passed to SQL Server. Rather you log in with a SQL Server native account that is running in the context of the server. Now, you could be logging on with any sort of device, not just a windows client. If you wish to pass the client details to SQL Server when using SQL Server mode, you have to pass it as a parameter from the front end. i.e. using a stored procedure or similar. (Good question by the way. and well asked.)
Could somebody explain how you can have different databases/security when connecting in via Windows Authentication from when someone connects via SQL authentication?
I have a customer who had to put a computer onto their network. When they did this, the computer name changed. When connecting into SQL it now has a different server name.
The thing is if I connect using a SQL username and password, I get the databases that were installed before. However If I connect using windows authentication, I do not get the database.
I would like to know what needs to be changed in order for windows authentication to see the same as a user logging in via SQL authentication.
How can I go about changing the permissions of windows authentication?
Within SQL Server, there are Logins (at the server level) and Users (at the database level). Your SQL Server login obviously has permission to the database(s) you want to see. The logins can also be windows users and/or groups. So, if you add a named windows user as a server login, you can extend that login as users in different databases. You can do the same thing with a group. So, you could have a single login to your sql server that represents all authenticated users in your domain, etc...
So, I think you need to get into SSMS (SQL Server Management Studio) and see what logins and users are defined on your SQL Server.
When running tomcat 7 as a windows service I can connect SQLServer with SQLServer Authentication but when connecting through Windows Authentication it seems to fail.
From what I know process running under windows services are user independent and run under a user named "SYSTEM" . Is there a way I can add SYSTEM to SQLServer users ?
Every thing seems to work if I run the code via Eclipse i.e. Under a user process.
You need to add a new Login of your Machine (Machine where your service is running) on MS SQL Server machine.
For example your are on domain "DomainName" and your hostname is "MachineName", you need to add a new Login "DomainName\MachineName$" on SQL Server. Note the $ sign at the end indicates that this is a computer name.
Follow the Steps below to add a new login on MS SQL Server:
Open SQL Server Management Studio and Login as 'sa' user.
Open Security -> Logins
Right Click on Logins and New Login...
Enter the Login name "DomainName\MachineName$" in General Tab
Select Windows Authentication radio box
Select tab "Server Roles" and check the box against "sysadmin"
OK and then Restart your SQL Server Service.
So I've been tasked to install DNN onto my system. I am using the Microsoft Web Platform Installer. I am being asked for the password for the 'sa' account. I do not know the password for the account. So when I tried to use the Microsoft SQL Server Management software to change the password I get the following message:
"Change password failed for Login 'sa' (Microsoft.SqlServer.Smo)
Additional Information:
An exception occurred while executing a Transact-SQL or batch. (Microsoft.SqlServer.ConnectionInfo)
Cannot alter the login 'sa', because it does not exist or you do not have permission. (Microsoft SQL Server, Error: 15151)"
How would I obtain permission to change the password? Or am I missing the point entirely and should be doing something else to install the software??
I would assume the issue lies with SQL, what steps should I take to rectify this problem??
SQL Server uses either/both of "Windows authentication" and "SQL Server authentication".
By default, MSSQL installs with ONLY "Windows authentication". "sa" requires MSSQL authentication.
SOLUTION:
http://technet.microsoft.com/en-us/library/ms188670.aspx
1) Go into SQL Server Management Studio Object Explorer, right-click the server, and then click Properties.
2) On the Security page, under Server authentication, select the new server authentication mode, and then click OK.
3) In the SQL Server Management Studio dialog box, click OK to acknowledge the requirement to restart SQL Server.
4) In Object Explorer, right-click your server, and then click Restart.
Are you able to login via Windows Authentication and change it that way? If so, that would be the best way to do it.
If the only account that has admin access is the sa account though, then you can try starting SQL server in single user mode and then resetting the sa password. Note that this method requires local admin access to the server itself.
http://sigkillit.com/2013/01/02/recover-sa-password-on-microsoft-sql-server/
Sounds to me like you could login with the SA account into SQL server, it will likely prompt you to change your password (first time logging in) and then you would be good to go after that.
That being said, I never recommend setting up DNN to connect to SQL server with the SA account. Each DNN database should have its own DB user, that way if one DNN install gets compromised for some reason, they can't reach out into other databases on the same server.
EDIT: a little more info
From http://www.christoc.com/Tutorials/All-Tutorials/aid/1
In SQL Server you should go through and create a new database. I always create a database with the same name as the website, so in this case DNNDEV.ME. Once you have created the database, create a user that can access that database. I always use SQL authentication, turn off the enforce password requirements, and give the user DB Owner and Public access to the DNNDEV.ME database. Remember the username and password you create here as you will need them when you walk through the Installation screen for DotNetNuke.