SQL Server 2000 Standard, Windows 2003
My coworker removed 'BUILTIN\Administrators' group from SQL Server which results in 'SQL Server Agent' not working.
All my TSQLs to synchronize databases stopped working.
I have Administrator rights on the server and my database user is in sysadmin role.
Does any one have idea how to bring 'BUILTIN\Administrators' back without restoring master database from backup?
Edit: When I try to add Administrators or MACHINENAME\Administrators using Enterprise Manager I have this group on the list to choose, but when I accept my choice I have error:
Error 15041: Windows NT user or group 'MACHINENAME\Administrators' not found. Check the name again
of course instead of MACHINENAME I see my server name
Edit2: Found it
Login as sysadmin
Run following TSQL queries
EXEC sp_grantlogin 'BUILTIN\Administrators'
and
EXEC sp_addsrvrolemember 'BUILTIN\Administrators','sysadmin'
You don't want to re-add 'BUILTIN\Administrators' as it is a SQL Server 2000 security flaw. All domain administrators will have full sysadmin rights to your SQL Server to drop databases etc.
Find the account that is running SQL Agent (Right click SQL Server agent in enterprise manager and select properties). Then add this account as a SQL Server login using windows authentication and add it to the sysadmin fixed server role.
Another method is to connect to your SQL Server database with the "NT AUTHORITY\SYSTEM" account. This approach requires you to start SQL Server Management Studio as the system account. After connect, you can create a new login or reset sa password.
Using Enterprise Manager, can't you just go into Logins and add "Administrators" as a Windows Login to the server? Then add the login to the sysadmin role?
If you can't use "Administrators", try "MACHINENAME\Administrators" (obviously substituting MACHINENAME for the actual name).
Sorry I don't have a more definitive answer, I don't really want to try it :)
Related
I had installed SQL server 2012 using windows authentication and attached a database that is on my C drive. Domain server failed and we have to rebuild domain server. The domain server name is now changed to new name. When I try to log in to the SQL 2012 Studio, I can not log in and I am getting an error login failed for the user.
All we did was add a letter to the domain server. Could someone direct how to correct the issue as SQL server 2012 studio is not allow me to login?
Thanking you,
Hem
This is about more than just changing the name. Domain memberships involve cyrptographic signatures that must also be replaced. All of the machines in your domain will need to re-join. You'll have a new account on your own machine. Yep, it sucks, and this is one reason why you should always keep at least 2 DCs.
Assuming you don't know any other account info, the only way to get back into the existing Sql Server instance is to restart Sql Server in single-user mode and connect as a local administrator. After you've done this, you'll need to recreate all of your logins.
Since you'll be recreating accounts and permission anyway, another option is to use this as opportunity to upgrade to a more recent Sql Server version. Sql Server 2012 is already major 3 releases behind. Shut down and uninstall the existing Sql Server instance. Install the new version of the Sql Server, where you know the sa login, and then attach to the old database mdf files.
Have you try to login with SQL authentication? (with SA account)
SQL:
DROP LOGIN [OldDomain\UserName]
GO
CREATE LOGIN [NewDomain\UserName] FROM WINDOWS WITH DEFAULT_DATABASE=[master], DEFAULT_LANGUAGE=[us_english]
GO
ALTER SERVER ROLE [sysadmin] ADD MEMBER [NewDomain\UserName]
GO
Then you will be able to login with your new domain name. (Make sure you change the domain name and username in the above SQL)
If you need to recover your sa password? Check this article How to recover SA password
I have a local SQL Server Express 2005, for which I don't know the SA password. I always connected with my NT login and I used that when I created a DB I want to access now.
My company split and I am a member of a new domain now. There are no connections with the old domain anymore. My account resides in the new user domain and is a local administrator on the computer where SQL Server runs.
I can access the Server through the Management Studio, but not my user DB anymore. I am not recognized as a Server Admin anymore either. Obviously, local NT administrators are not automatically mapped to be SQL Admins.
Is there a way to do that at this stage? Can I somehow recover access to the SA level of access?
Thanks in advance.
Not having tried this myself, but running the database in single user mode should give you SQL Server Admin privileges if you are a Windows Administrator on that local machine.
SQLServr.Exe –m
Found a technet post that describes the full procedure:
http://blogs.technet.com/b/sqlman/archive/2011/06/14/tips-amp-tricks-you-have-lost-access-to-sql-server-now-what.aspx
you may find this solution elegant:
https://www.mssqltips.com/sqlservertip/2682/recover-access-to-a-sql-server-instance/#comments
For me it did not work with SQL2016 but as the author states, it worked for him in older versions of MS SQL.
Quotes (from the above link):
Thanks to Mark Russinovich of Sysinternals fame, there is a very painless way to solve this problem without any downtime: PsExec. While it wasn't one of its primary design goals, PsExec allows you to run programs as the NT AUTHORITY\SYSTEM account, which - unlike "regular" Administrator accounts - has inherent access to SQL Server.
PsExec -s -i "C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\Ssms.exe"
Now, you can go in to Security > Logins and add your account as a sysadmin, add other admin accounts, update the sa password, and do anything else you need to do to make your instance manageable. As you can see, I was able to connect in this way to both SQL Server 2008 and SQL Server 2012 instances from an instance of Management Studio 2012.
I am having quite a problem with SQL Server.
When I installed it, my account was not an administrator, now it is. Apparently, since it was not an administrator of the machine, it is not an administrator of SQL Server, as a consequence I cannot create databases on my machine.
Now, I am on Windows 8, so it seems like SQL Server Configuration Manager is not as accesible as it was before, I managed to run it (I THINK!) from the MMC by running the following command: sqlservermanager10.msc.
Now, can anyone help me configure my current user as an SQL Server admin so I can create databases properly?
Thank you!
if I understand you correctly, you want your account to have sysadmin rights on SQL Server. You can either do this via SQL Server Management studio, or the SQLCMD command line utility. You don't use the SQL Server Configuration Manager.
You need to login as an existing SA (or whichever the identity has the sysadmin role).
Using TSQL via SQLCMD
Run the following command (replacing domain\user with your details)
USE [master]
GO
CREATE LOGIN [domain\user] FROM WINDOWS WITH DEFAULT_DATABASE=[master]
GO
ALTER SERVER ROLE [sysadmin] ADD MEMBER [domain\user]
GO
Via the UI
In SQL Server Management Studio
Navigate to the Security node of the server, and R-Click & Select New Login
In the New Login dialog enter your domain user into the Window Authentication box
Then on the Right side select Server Roles and then make sure SysAdmin is selected
Then Ok that dialog and the windows account will have SA rights. This means then you can full administer the SQL Server.
It's not clear at all what's going on here, but it sounds to me like you haven't got any sysadmins if #Preet isn't correct.
The local Administrators group is not a member of the sysadmin role on recent versions of SQL Server (2005+, IIRC), and if I recall the installer complains if you try to configure it that way. Instead, when you install the instance you specify the users or groups who will be granted the sysadmin role on the instance.
If you did not do this (I think it adds the account doing the installation by default) or used an account or group which was later deleted, had the SID changed, or some similar event, then you have an instance with no sysadmin logins that can authenticate. You may be able to add one by switching the server to single user mode or minimal configuration mode (-f instead of -m).
If none of that works, then you'll have to save your database files, nuke the instance, install the instance again, re-attach your database files, and go from there.
The only other thing I can think that it might be is that the instance is somehow running as a user account that doesn't have permissions to create files in the default database or log directory, but that seems highly unlikely.
So I've been tasked to install DNN onto my system. I am using the Microsoft Web Platform Installer. I am being asked for the password for the 'sa' account. I do not know the password for the account. So when I tried to use the Microsoft SQL Server Management software to change the password I get the following message:
"Change password failed for Login 'sa' (Microsoft.SqlServer.Smo)
Additional Information:
An exception occurred while executing a Transact-SQL or batch. (Microsoft.SqlServer.ConnectionInfo)
Cannot alter the login 'sa', because it does not exist or you do not have permission. (Microsoft SQL Server, Error: 15151)"
How would I obtain permission to change the password? Or am I missing the point entirely and should be doing something else to install the software??
I would assume the issue lies with SQL, what steps should I take to rectify this problem??
SQL Server uses either/both of "Windows authentication" and "SQL Server authentication".
By default, MSSQL installs with ONLY "Windows authentication". "sa" requires MSSQL authentication.
SOLUTION:
http://technet.microsoft.com/en-us/library/ms188670.aspx
1) Go into SQL Server Management Studio Object Explorer, right-click the server, and then click Properties.
2) On the Security page, under Server authentication, select the new server authentication mode, and then click OK.
3) In the SQL Server Management Studio dialog box, click OK to acknowledge the requirement to restart SQL Server.
4) In Object Explorer, right-click your server, and then click Restart.
Are you able to login via Windows Authentication and change it that way? If so, that would be the best way to do it.
If the only account that has admin access is the sa account though, then you can try starting SQL server in single user mode and then resetting the sa password. Note that this method requires local admin access to the server itself.
http://sigkillit.com/2013/01/02/recover-sa-password-on-microsoft-sql-server/
Sounds to me like you could login with the SA account into SQL server, it will likely prompt you to change your password (first time logging in) and then you would be good to go after that.
That being said, I never recommend setting up DNN to connect to SQL server with the SA account. Each DNN database should have its own DB user, that way if one DNN install gets compromised for some reason, they can't reach out into other databases on the same server.
EDIT: a little more info
From http://www.christoc.com/Tutorials/All-Tutorials/aid/1
In SQL Server you should go through and create a new database. I always create a database with the same name as the website, so in this case DNNDEV.ME. Once you have created the database, create a user that can access that database. I always use SQL authentication, turn off the enforce password requirements, and give the user DB Owner and Public access to the DNNDEV.ME database. Remember the username and password you create here as you will need them when you walk through the Installation screen for DotNetNuke.
This is rather embarrassing, but I accidentally deleted my Windows account from the list of SQL Server 2008 users and I cannot for the life of me figure out how to re-add myself now that I don't have login privileges.
The server is running on my machine and the only other Windows users with access are IUSR, NETWORK SERVICE and SYSTEM. Is there anything I can do short of re-installing?
I also recently deleted my windows account from my local development 2008 server. I was able to use SQL server's Single User Mode to recreate my login and add it to the sysadmin role. It took just a few minutes, and I didn't have to admit my terrible error to anyone.
From MSDN:
Starting SQL Server in single-user mode enables any member of the
computer's local Administrators group to connect to the instance of SQL
Server as a member of the sysadmin fixed server role.
Here's how I reinstated myself:
Exit out of SSMS
Stop any SQL related services. I had to stop Reporting Services. Other SQL services such as SQL Agent will also use up your one, valuable connection.
Stop the SQL service
Start the SQL service with the extra parameter -m. This will put the SQL into Single User Mode. This means that SQL will only accept one connection.
Use sqlcmd to connect to your server with the -E trusted connection option. SQL will accept you into the sysadmin role if you're a local administrator.
In the interactive session, create your login and add to the sysadmins role.
USE master
GO
CREATE LOGIN [domain\username] FROM WINDOWS WITH DEFAULT_DATABASE=[Master]
GO
EXEC sp_addsrvrolemember #loginame=N'domain\username', #rolename=N'sysadmin'
GO
Stop the SQL service, remove the -m parameter and restart the service. You should now be able to go back into SSMS and continue using the server normally.
If you get the message:
Login failed for user 'domain\username'. Reason: Server is in single user
mode. Only one administrator can connect at this time.
Then there is something using your single connection. You'll need to find that service or connection and stop it before you can log in. Check SQL Agent, SQL Reporting Services, SQL Analysis Services etc.
Luckily, this wasn't too hard to fix (not that it should have been hard...)!
This blog post explains the steps for starting SQL Server in Single User Mode, which (for some reason) allowed me to login as my Windows administrator account, add the account to the user list (with CREATE LOGIN), enable the SA user and set its password to something I actually knew, and finally login as SA and give the Windows account sysadmin privileges.
Edit 07/05/13: Try this link instead.
Often SQL Server is installed so that any any local administrator is a SQL Server sysadmin.
If this is your case you can run Management Studio as administrator and then add any other windows user as a login in the Security section.
This solution worked for me.