Is there a way to prevent users from logging into an MSDE database instance?
I created an MSDE instance using a strong SA password but I was still able
to logging to the database using Windows Authentication.
The reason I don't want the user to see the database is because the database
structure that I am distributing (MSDE) is exactly the same as the one I
have online. If I let the user peek into my MSDE database they might find a
way to mess-up the database that is online. I just don't want to take the
risk.
Also, is stored procedure encryption easily bypassed if I logon as a
database administrator?
Thanks.Rene
Create a new Login (DD) in SQL Server and and don't CRANT permission it to
the database. Now, when the user login with as DD he/she will not be able
access to the database
"Rene" <nospam@.nospam.com> wrote in message
news:uwzGIpbuFHA.2072@.TK2MSFTNGP14.phx.gbl...
> Is there a way to prevent users from logging into an MSDE database
> instance? I created an MSDE instance using a strong SA password but I was
> still able to logging to the database using Windows Authentication.
> The reason I don't want the user to see the database is because the
> database structure that I am distributing (MSDE) is exactly the same as
> the one I have online. If I let the user peek into my MSDE database they
> might find a way to mess-up the database that is online. I just don't want
> to take the risk.
> Also, is stored procedure encryption easily bypassed if I logon as a
> database administrator?
> Thanks.
>|||Thanks Uri
But if the user is logged on to Windows as an Administrator, doesn't this
user also has Admin right to the database by default? If this is the case,
even if I create a new database user it won't help because the person logged
into Windows as an administrator can automatically logging as "SA". Is this
the right?
"Uri Dimant" <urid@.iscar.co.il> wrote in message
news:eCCe1OcuFHA.3452@.TK2MSFTNGP14.phx.gbl...
> Rene
> Create a new Login (DD) in SQL Server and and don't CRANT permission it
> to the database. Now, when the user login with as DD he/she will not be
> able access to the database
>
>
> "Rene" <nospam@.nospam.com> wrote in message
> news:uwzGIpbuFHA.2072@.TK2MSFTNGP14.phx.gbl...
>|||Hello,
You can use sp_grantlogin to allow a Microsoft Windows NT user or group
account to connect to Microsoft SQL Server using Windows Authentication.
Use sp_denylogin to prevent a Microsoft Windows NT user or group from
connecting to Microsoft SQL Server. For example, you can run
sp_denylogin 'builtin\administrators'
to prevent from administrator to connect to SQL Server. However, make sure
you have the SA password and the authentication mode is mixed-mode before
you do so.
For more information, refer to the following articles:
http://msdn.microsoft.com/library/d...-us/tsqlref/ts_
sp_ga-gz_8dri.asp
http://msdn.microsoft.com/library/d...-us/tsqlref/ts_
sp_da-di_9jji.asp
I hope the information is helpful.
Sophie Guo
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
========================================
=============
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
========================================
=============
This posting is provided "AS IS" with no warranties, and confers no rights.|||Well, don't permit them to connect as Administrators if you want to
implement the policy.
Remove them from 'Windows Administrators' and add to the newly created Group
only for access to the specific database
"Rene" <nospam@.nospam.com> wrote in message
news:uKoLoucuFHA.3720@.TK2MSFTNGP14.phx.gbl...
> Thanks Uri
> But if the user is logged on to Windows as an Administrator, doesn't this
> user also has Admin right to the database by default? If this is the case,
> even if I create a new database user it won't help because the person
> logged into Windows as an administrator can automatically logging as "SA".
> Is this the right?
>
> "Uri Dimant" <urid@.iscar.co.il> wrote in message
> news:eCCe1OcuFHA.3452@.TK2MSFTNGP14.phx.gbl...
>|||Hi
Have you looked at sp_revokedbaccess?
John
"Rene" <nospam@.nospam.com> wrote in message
news:uwzGIpbuFHA.2072@.TK2MSFTNGP14.phx.gbl...
> Is there a way to prevent users from logging into an MSDE database
> instance? I created an MSDE instance using a strong SA password but I was
> still able to logging to the database using Windows Authentication.
> The reason I don't want the user to see the database is because the
> database structure that I am distributing (MSDE) is exactly the same as
> the one I have online. If I let the user peek into my MSDE database they
> might find a way to mess-up the database that is online. I just don't want
> to take the risk.
> Also, is stored procedure encryption easily bypassed if I logon as a
> database administrator?
> Thanks.
>|||Hi
If they are administrators and you are worried that they can damage your
system, then access to your new database is not your only problem!
John
"Rene" <nospam@.nospam.com> wrote in message
news:uKoLoucuFHA.3720@.TK2MSFTNGP14.phx.gbl...
> Thanks Uri
> But if the user is logged on to Windows as an Administrator, doesn't this
> user also has Admin right to the database by default? If this is the case,
> even if I create a new database user it won't help because the person
> logged into Windows as an administrator can automatically logging as "SA".
> Is this the right?
>
> "Uri Dimant" <urid@.iscar.co.il> wrote in message
> news:eCCe1OcuFHA.3452@.TK2MSFTNGP14.phx.gbl...
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment