What's the permission required to stop/start an SQL Server service?
I just created a login (SQL Authentication, public server role, no special permission, no database mapping) and found I can stop/restart the SQL instance through SSMS with this login. This is not what I want.
SSMS does not restart the service with the login you ue to perform queries with it, it uses the desktop/rdp user.
If you are logged into your desktop as a domain admin or local admin of the server your are connected to, and run SSMS from that desktop, you will be able to restart the SQL service. You can also restart the sql service as that user from the services.msc MMC.
Related
I am trying to connect to a remote database with SQL authentication, from an application running as “local admin” on another machine.
I have an SQL database on one machine.
I have mixed mode authentication.
I have an application that launches on another machine, which runs as “local admin”, which means it has to connect to the database with SQL authentication.
As far I know, the application cannot run as anything other than a “local admin” account because it is launched remotely using WMI. I do not want to require as service running on the machine in order to launch the application.
But it can only connect to the database if I give the SQL account “sysadmin” rights on the “server”, so that the “local admin” account can login to the database.
Is there a way to allow an application running as “local admin” to login to the database without being “sysadmin”?
the database already had an account of the same name, which was "SQL account without login" so I had to remove it, so when I added the account to the server, it would recreate it in the database with login.
I had an unexpected system crash and had to setup SQL Server 2016 again. I can connect to the server from SSMS if I use a Windows authentication account, but not via any login created. I keep getting an error 18456:
Login failed for user 'sa'
Steps:
I have enabled SA login and gave it a password but cannot connect via SSMS
I have created another login and matched it to my project database, the project database now has the login under its users but again, I cannot log in.
SSMS is installed on the actual db server so I doubt this is a remote login issue, but as the db server is isolated from the actual site I would like to update this if needed.
Any ideas would greatly be appreciated!
Did you enable the mixed mode authentication?
Did you restart SQL services after changing the mixed mode authentication?
Some of the server level properties takes only after a SQL restart , one such is authentication modes.
Usually a SQL Service problem.
Start - > View Local Services -> SQL Server(SQLEXPRESS) > restart it
In SSMS, I'm trying to use the "Deploy Database to SQL Azure Database" utility.
I'm moving a small local database in SQL Server 2012 to Azure for hosting. But after entering the host database server connection parameters I always get a "Login Failed for user,...." error, referencing the name of the local database to be created on the server.
Why this would fail is unclear, since the database does not exist on the cloud server yet. Here is what I have done:
Set up a firewall exception for my local IP address.
Confirmed my server administrator user name and password
So now I am left guessing... Locally I use Windows Authentication. If a database is to be moved to the server, does it have to have SQL Server authentication, as is required on Azure host?
You need to have the SQL server Authentication enabled in order to be able to login to your database when you move it to Azure.
Once, you login through SQL server authentication, you can create your users then and have different logins for different users.
Hope this helps!
The requirement is to find which OS user logs in to a SQL Server database whenever the login is Windows Authentication or SQL Server authentication. Need to know WHO (AD account on the client PC) used which db account logged into SQL Server with what application.
The problem is I could not get the client's OS username when a SQL Server authentication user logs in.
For example, I used my AD account Domain name on a laptop, laptop123. Domain name is Stackoverflow, username is developer1, started Microsoft SQL Server Management Studio, connected with DB account (SQL Server authentication) ERPAPPUSER. I need to record the domain user Stackoverflow/developer1.
I can easily get the information that user ERPAPPUSER logged in from laptop123 using Microsoft SQL Server Management Studio.
I created a database logon trigger and could get the client username, hostname, logon time, application name and so on, but could not get the client OS username.
CREATE TRIGGER DB_ServerLogon
ON ALL SERVER
WITH EXECUTE AS 'sa'
FOR LOGON
AS
BEGIN
INSERT INTO audit_history.dbo.db_logon_history
SELECT
ORIGINAL_DB_NAME(),
ORIGINAL_LOGIN(),
##SPID,GETDATE(),
HOST_NAME(),
APP_NAME()
END
GO
Many thanks!
-- Added 'WITH EXECUTE AS 'as' ', otherwise for all users who don't have access to the db_logon_history will not be able to login.
Short answer is no, it is not possible.
Long answer, SQL Server supports 2 security modes. These are a) "Windows Authenitcation mode" and b) "Mixed Mode" - which is "SQL Server and Windows Authentication Mode". This second mode means that you can log in with a SQL Server login or a Windows Account. The Windows Account would be the same as in (a) above. Now when you log in with Windows it is a trusted connection, so you have to have the Windows Account/Group authorized to access your SQL Server instance. The connection is authentication against a token which is created when the user logs in to windows. This token is passed to SQL Server and can thus be parsed to return the information that you have described above. However when you log on with SQL Server Mode you are not logging on with a domain account and thus no domain account is passed to SQL Server. Rather you log in with a SQL Server native account that is running in the context of the server. Now, you could be logging on with any sort of device, not just a windows client. If you wish to pass the client details to SQL Server when using SQL Server mode, you have to pass it as a parameter from the front end. i.e. using a stored procedure or similar. (Good question by the way. and well asked.)
This is rather embarrassing, but I accidentally deleted my Windows account from the list of SQL Server 2008 users and I cannot for the life of me figure out how to re-add myself now that I don't have login privileges.
The server is running on my machine and the only other Windows users with access are IUSR, NETWORK SERVICE and SYSTEM. Is there anything I can do short of re-installing?
I also recently deleted my windows account from my local development 2008 server. I was able to use SQL server's Single User Mode to recreate my login and add it to the sysadmin role. It took just a few minutes, and I didn't have to admit my terrible error to anyone.
From MSDN:
Starting SQL Server in single-user mode enables any member of the
computer's local Administrators group to connect to the instance of SQL
Server as a member of the sysadmin fixed server role.
Here's how I reinstated myself:
Exit out of SSMS
Stop any SQL related services. I had to stop Reporting Services. Other SQL services such as SQL Agent will also use up your one, valuable connection.
Stop the SQL service
Start the SQL service with the extra parameter -m. This will put the SQL into Single User Mode. This means that SQL will only accept one connection.
Use sqlcmd to connect to your server with the -E trusted connection option. SQL will accept you into the sysadmin role if you're a local administrator.
In the interactive session, create your login and add to the sysadmins role.
USE master
GO
CREATE LOGIN [domain\username] FROM WINDOWS WITH DEFAULT_DATABASE=[Master]
GO
EXEC sp_addsrvrolemember #loginame=N'domain\username', #rolename=N'sysadmin'
GO
Stop the SQL service, remove the -m parameter and restart the service. You should now be able to go back into SSMS and continue using the server normally.
If you get the message:
Login failed for user 'domain\username'. Reason: Server is in single user
mode. Only one administrator can connect at this time.
Then there is something using your single connection. You'll need to find that service or connection and stop it before you can log in. Check SQL Agent, SQL Reporting Services, SQL Analysis Services etc.
Luckily, this wasn't too hard to fix (not that it should have been hard...)!
This blog post explains the steps for starting SQL Server in Single User Mode, which (for some reason) allowed me to login as my Windows administrator account, add the account to the user list (with CREATE LOGIN), enable the SA user and set its password to something I actually knew, and finally login as SA and give the Windows account sysadmin privileges.
Edit 07/05/13: Try this link instead.
Often SQL Server is installed so that any any local administrator is a SQL Server sysadmin.
If this is your case you can run Management Studio as administrator and then add any other windows user as a login in the Security section.
This solution worked for me.