Is there a way to connect to a remote sql server using management studio with windows credentials other than the current
login credentials?
Right now i remote desktop into the sql server machine and login with the windows credentials that I want to connect with.
Thanks.
Right click the application and choose "Run as different user".
If you are on Vista or Win7, you may need to look at ShellRunAs to create the menu option in your windows shell.
Another alternative in Windows 7 is to use command prompt running as alternative user
runas /user:domain\username CMD
this will start command shell that you can use to launch SSMS application. This approach is also helpful because as long as that instance of "command prompt" is running, you can start and test different applications as they function under that user without having to retype the credentials
Related
How can we pass encrypted password in SQL connection string on PowerShell?
Unable to connect SQL server with NT AUTHORITY\ SYSTEM account. What teps need to be taken to connect to SQL Server with NT Authority\System account?
As checked, I installed PSTools and extract all files in specific location and ran cmd.
With below cmd
psexec -i -s ssms.exe
After running the above cmd, I got :
couldn't install
Access denied
You dont say much about the client and what you are supposed to achieve. The part about psexec is quite hard for me to understand.
You can use credentials in two ways from local network, sql login and windows login. I assume you are attemting to use windows login.
If you, from a windows computer, run a console app or desktop app, you will connect as the user who started the app. In normal terms, you.
Since you get "NT AUTHORITY\SYSTEM", I guess you want to try as similar as possible like a Windows Service. My recommendation is to start the service as a named user "AD\MyServiceAccount". You give access to this user in SQL server.
I recommend you to read about the differences of:
NT AUTHORITY\System
NT AUTHORITY\NetworkService
AD Account
If you are not trying to debug/build a service, but just want to get some sql server data in an desktop application. Use regular tools and your personal account. If not, sql login.
If you want to use the Computer Account, you should use add AD\$ComputerAccount to ACL list on SQLserver.
Note: AD being the name of your Active Directory.
I'm trying to connect to SQL Server by using Windows Authentication with Microsoft SQL Server Management Studio. I have several users created on the machine that runs SQL Server.
Login dialog box won't allow to select other users, except the one that is logged in for the current Windows session.
How can I log into Management Studio as a different user?
Proven by many years way of impersonation: a shortcut or bat to run SSMS:
runas.exe /noprofile /netonly /user:YourDomain\YourAccount ssms
The drawback: the password of AD user to be entered every time you hit that shortcut
If you have few versions of management studio, just replace ssms with a full path to required executable
When SSMS is started then connect to a remote server using windows authentication.
Another way is to impersonate that user after you made a login using your credentials:
USE master
EXECUTE AS LOGIN='Domain\AnotherUser'
SELECT SYSTEM_USER
However, this will require your account to have IMPERSONATE or SysAdmin permissions. Impersonation can be granted by:
GRANT IMPERSONATE ANY LOGIN TO [Domain\YourAdAccount]
Right-click the SSMS icon, hold Shift, then right-click Microsoft SQL Server Management Studio with the year of the version you have installed and select Run as Different User. You will be prompted for Windows login credentials that will be used in Windows authentication in SSMS. You can use another Windows account here and then use SSMS as you typically would without making any additional changes.
I have an installer that's running the SQL Server 2014 Express installer in unattended mode.
Basically, it's creating a command-line and running the setup.
My problem is that I need to be able to connect to the installed instance as admin using SQL Server authentication.
The command-line already contains /SECURITY MODE=SQL. I can create a SQL login and login successfully, so that part of the problem works fine.
My problem is that while I can see sa in sys.server_principals, it's flagged as is_disabled, and I can't login using it.
Is there a way, when running the SQL Server 2014 install unattended, to pass command line arguments that will have it enable sa so I can successfully login using it?
Or some other login, if that's easier.
What I need is a sql_login that I can use to connect to the database as an db administrator without regard for the permissions of the logged-in windows user, after having run the installer in unattended mode.
The full commandline args:
/QS /IACCEPTSQLSERVERLICENSETERMS /ACTION=Install /FEATURES=SQL
/INSTANCENAME=SQLEXPRESS /SAPWD="SQLSVCPASSWORD"
If I login to Windows using an admin account, I can connect to the database using Windows authentication. I can then create a normal SQL Server login. With that, I can then login using SQL Server authentication and that account.
So I'm certain the DB is in mixed mode. And this:
Exec xp_instance_regread N'HKEY_LOCAL_MACHINE', N'Software\Microsoft\MSSQLServer\MSSQLServer', N'LoginMode'
returns '2'.
My problem is that I need the users to be able to run the software without being a windows admin. And part of what the software needs to be able to do is to drop and create databases, within the instance.
So I need SQL admin permissions, without depending upon the windows user having elevated permissions.
===
The setup tool I'm using is configured using XML files that contain, in them, LUA scripts that build and run the Windows Installer package command lines. Between the nested languages and various levels of escaping, I'd not noticed that the "/SECURITYMODE=SQL" argument was commented out, and not included in the command line.
With it included in the command line, the "sa" user is enabled.
TL;RD If you want the "sa" user enabled, after an install, include "/SECURITYMODE=SQL" on the command line.
You need to specify /SAPWD as well when using /SECURITYMODE=SQL. I am not sure, but if you do not specify the password, it will be disabled by default.
Have a look at this article https://learn.microsoft.com/en-us/sql/database-engine/install-windows/install-sql-server-from-the-command-prompt?view=sql-server-2017 for more information.
What should I do? I could disable UAC to access the database. Is there a way I could copy the my database but strip the account control informations attached to it? Many thanks.
Read this article for possible options. Excerpt: `After the SQL Server Instance starts in single-user mode, the Windows Administrator account is able to connect to SQL Server using the sqlcmd utility using Windows authentication. You can use Transact-SQL commands such as "sp_addsrvrolemember" to add an existing login (or a newly created one) to the sysadmin server role.
If I want to log into a SQL Server instance using another Windows account can I do this by simply selecting "SQL Server Authentication" as my authentication mode and entering the DOMAIN/username and password for the account I want to use?
Are there any special settings that I need to set in order to get this to work?
No. 'SQL Server Authentication' works only with SQL Server logins, it won't work with a NT login. To log in as another credential have the process run as the credential you desire to run as. Use runas, most likely you want to run SSMS like this:
runas /netonly /user:domain\user "c:\program files\...\ssms.exe"
By specifying the /netonly argument your SSMS will run with the desired NT credential only for remote hosts, locally will have your local credentials. This not only preserves your SSMS environment (last used files, options etc) and doesn't require domain\user to have local priviledges, but, more importantly, it works even for a completely unrelated domain. That is if you machine is in domain foo (or not even joined to the domain) and the desired runas is in domain bar, the runas /netonly /user:bar\user ... will run just fine.
The /netonly trick works only if the SQL server host you are connecting to is remote (not on the same machine). If is local, then your runas must be locally using the desired credential, so remove the /netonly argument.
If you have Windows 7, you can add credentials for other domains via Control Panel > Administrative Tools > Credential Manager. Map your credentials to each server you want to log into.
Then, log into additional machines using Windows Authentication. I think there is a caveat - it will try to log you in to the server using your current domain/username. IF that is rejected, it will lookup any entries you have for that server in Credential Manager, and if those are valid, you will be logged in.
If I understand the question correctly, the solution it just ship + Right click on your SSMS, that will give you "connect as different user" option and that where you want to put your windows authentication. Domain\User and password.