I have SQL Server 2012 installed as a standalone instance in Windows 8 Enterprise edition. It is running in Mixed-mode. The currently logged in account is a member of local MACHINE\Administrators and the local BUILTIN\Administrators group is in the sysadmin role. For good measure, the current user is also in a MACHINE\SQLAdmins group which is also in the sysadmin role.
When I launch SQL Server Management Studio (SSMS) from the shortcut, I can't use Windows Authentication. I get the following error:
TITLE: Connect to Server
Cannot connect to INSTANCENAME.
ADDITIONAL INFORMATION:
Login failed for user 'MACHINE\user'. (Microsoft SQL Server, Error: 18456)
For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft%20SQL%20Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476
In fact, if I launch LinqPad from a shortcut, I can't connect to the server using a connection string which relies on Windows Authentication.
However, if I run SSMS or LinqPad with elevated privileges using RunAs Administrator, I can use Windows Authentication and the experience is as expected.
Alternatively, I can include the RunAs command into the SSMS shortcut like so.
C:\Windows\System32\runas.exe /USER:MACHINE\user "C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe"
Surprisingly, double-clicking the shortcut will prompt for me to enter the password of the current user. However, once that re-authentication occurs, SSMS will allow Windows Authentication of the current user.
The question is, what user is SSMS running under when I double click the shortcut and ultimately, how can I just run LinqPad or SSMS or any other app that connects to the database with Windows Authentication without first elevating my privileges?
Are you by any chance supplying the credentials of the user who installed SQL Server when you use Run as?
See the second answer on this SO question:
In previous versions of SQL the BUILTIN\Administrators group was given
the sysadmin role. Local administrators are not given login privileges
by default in SQL 2008. Only the user performing the install is
defaulted sa privileges. During install you have the option to add
additional users, but you apparently did not.
You will need to login as sa and configure whatever windows logins are
required (such as the local administrator account).
I had the same thing happen, where my user account was a local admin, and yet unable to login until the guy who installed SQL Server added my windows account to the SQL Server logins manually.
In previous versions of SQL the BUILTIN\Administrators group was given the sysadmin role. Local administrators are not given login privileges by default in SQL 2008. Only the user performing the install is defaulted sa privileges. During install you have the option to add additional users, but you apparently did not.
Related
I'm trying to connect to SQL Server by using Windows Authentication with Microsoft SQL Server Management Studio. I have several users created on the machine that runs SQL Server.
Login dialog box won't allow to select other users, except the one that is logged in for the current Windows session.
How can I log into Management Studio as a different user?
Proven by many years way of impersonation: a shortcut or bat to run SSMS:
runas.exe /noprofile /netonly /user:YourDomain\YourAccount ssms
The drawback: the password of AD user to be entered every time you hit that shortcut
If you have few versions of management studio, just replace ssms with a full path to required executable
When SSMS is started then connect to a remote server using windows authentication.
Another way is to impersonate that user after you made a login using your credentials:
USE master
EXECUTE AS LOGIN='Domain\AnotherUser'
SELECT SYSTEM_USER
However, this will require your account to have IMPERSONATE or SysAdmin permissions. Impersonation can be granted by:
GRANT IMPERSONATE ANY LOGIN TO [Domain\YourAdAccount]
Right-click the SSMS icon, hold Shift, then right-click Microsoft SQL Server Management Studio with the year of the version you have installed and select Run as Different User. You will be prompted for Windows login credentials that will be used in Windows authentication in SSMS. You can use another Windows account here and then use SSMS as you typically would without making any additional changes.
I do not remember the serverauthentication password, so I am using windows authentication. I am not able to do anything.
You need to fulfill the following requirements:
you must be a member of Local Administrators group on the computer where the SQL Server is running.
The SQL Server service must be run under the LocalSystem account.
In this case, when connecting using Windows Authentication, you can check if you have any permissions (check the Logins sub-section of the Security section in the SSMS. If the NT AUTHORITY\SYSTEM is shown there, you can add the needed database. Otherwise you need to bethink the sysadmin login & password.
I am having quite a problem with SQL Server.
When I installed it, my account was not an administrator, now it is. Apparently, since it was not an administrator of the machine, it is not an administrator of SQL Server, as a consequence I cannot create databases on my machine.
Now, I am on Windows 8, so it seems like SQL Server Configuration Manager is not as accesible as it was before, I managed to run it (I THINK!) from the MMC by running the following command: sqlservermanager10.msc.
Now, can anyone help me configure my current user as an SQL Server admin so I can create databases properly?
Thank you!
if I understand you correctly, you want your account to have sysadmin rights on SQL Server. You can either do this via SQL Server Management studio, or the SQLCMD command line utility. You don't use the SQL Server Configuration Manager.
You need to login as an existing SA (or whichever the identity has the sysadmin role).
Using TSQL via SQLCMD
Run the following command (replacing domain\user with your details)
USE [master]
GO
CREATE LOGIN [domain\user] FROM WINDOWS WITH DEFAULT_DATABASE=[master]
GO
ALTER SERVER ROLE [sysadmin] ADD MEMBER [domain\user]
GO
Via the UI
In SQL Server Management Studio
Navigate to the Security node of the server, and R-Click & Select New Login
In the New Login dialog enter your domain user into the Window Authentication box
Then on the Right side select Server Roles and then make sure SysAdmin is selected
Then Ok that dialog and the windows account will have SA rights. This means then you can full administer the SQL Server.
It's not clear at all what's going on here, but it sounds to me like you haven't got any sysadmins if #Preet isn't correct.
The local Administrators group is not a member of the sysadmin role on recent versions of SQL Server (2005+, IIRC), and if I recall the installer complains if you try to configure it that way. Instead, when you install the instance you specify the users or groups who will be granted the sysadmin role on the instance.
If you did not do this (I think it adds the account doing the installation by default) or used an account or group which was later deleted, had the SID changed, or some similar event, then you have an instance with no sysadmin logins that can authenticate. You may be able to add one by switching the server to single user mode or minimal configuration mode (-f instead of -m).
If none of that works, then you'll have to save your database files, nuke the instance, install the instance again, re-attach your database files, and go from there.
The only other thing I can think that it might be is that the instance is somehow running as a user account that doesn't have permissions to create files in the default database or log directory, but that seems highly unlikely.
Just installed SQL Server Management Studio with Tools including LocalDB. Went through entire setup without ever seeing an option to set the sa password nor setup any other users/logins with sysadmin rights. So now I can't actually do anything in SSMS. Permission is denied to create new database, change the sa password, etc. Pretty useless until I can either log in as sa or setup my user with sysadmin rights. What am I missing here?
During setup you should have seen a screen that offered you to choose mixed authentication for the database engine and also add Windows users to the sysadmin server role. Here's what it looked like:
Chances are you blew past it clicking Next > Next > Next. It's ok, we've all done that.
The easiest fix, I think, is to connect using SSMS via PSExec.exe. This will allow you to connect as NT AUTHORITY\SYSTEM, which has inherent sysadmin rights to SQL Server. You launch it with these options:
PsExec -s -i "C:\...path to ssms...\Ssms.exe"
This will run SSMS as NT AUTHORITY\SYSTEM using Windows Auth. You will be prompted to connect to a server, just enter .\SQLEXPRESS (make sure the service is running):
Then you can right-click your instance and change the authentication mode to mixed (Properties > Security), reset the sa password under Security > Logins, and add your Windows login as a sysadmin.
You can also see this answer if that doesn't get you everything:
https://stackoverflow.com/a/12164306/61305
This is rather embarrassing, but I accidentally deleted my Windows account from the list of SQL Server 2008 users and I cannot for the life of me figure out how to re-add myself now that I don't have login privileges.
The server is running on my machine and the only other Windows users with access are IUSR, NETWORK SERVICE and SYSTEM. Is there anything I can do short of re-installing?
I also recently deleted my windows account from my local development 2008 server. I was able to use SQL server's Single User Mode to recreate my login and add it to the sysadmin role. It took just a few minutes, and I didn't have to admit my terrible error to anyone.
From MSDN:
Starting SQL Server in single-user mode enables any member of the
computer's local Administrators group to connect to the instance of SQL
Server as a member of the sysadmin fixed server role.
Here's how I reinstated myself:
Exit out of SSMS
Stop any SQL related services. I had to stop Reporting Services. Other SQL services such as SQL Agent will also use up your one, valuable connection.
Stop the SQL service
Start the SQL service with the extra parameter -m. This will put the SQL into Single User Mode. This means that SQL will only accept one connection.
Use sqlcmd to connect to your server with the -E trusted connection option. SQL will accept you into the sysadmin role if you're a local administrator.
In the interactive session, create your login and add to the sysadmins role.
USE master
GO
CREATE LOGIN [domain\username] FROM WINDOWS WITH DEFAULT_DATABASE=[Master]
GO
EXEC sp_addsrvrolemember #loginame=N'domain\username', #rolename=N'sysadmin'
GO
Stop the SQL service, remove the -m parameter and restart the service. You should now be able to go back into SSMS and continue using the server normally.
If you get the message:
Login failed for user 'domain\username'. Reason: Server is in single user
mode. Only one administrator can connect at this time.
Then there is something using your single connection. You'll need to find that service or connection and stop it before you can log in. Check SQL Agent, SQL Reporting Services, SQL Analysis Services etc.
Luckily, this wasn't too hard to fix (not that it should have been hard...)!
This blog post explains the steps for starting SQL Server in Single User Mode, which (for some reason) allowed me to login as my Windows administrator account, add the account to the user list (with CREATE LOGIN), enable the SA user and set its password to something I actually knew, and finally login as SA and give the Windows account sysadmin privileges.
Edit 07/05/13: Try this link instead.
Often SQL Server is installed so that any any local administrator is a SQL Server sysadmin.
If this is your case you can run Management Studio as administrator and then add any other windows user as a login in the Security section.
This solution worked for me.