Database protection

Is there a way to prevent users from logging into an MSDE database instance?
I created an MSDE instance using a strong SA password but I was still able
to logging to the database using Windows Authentication.
The reason I don't want the user to see the database is because the database
structure that I am distributing (MSDE) is exactly the same as the one I
have online. If I let the user peek into my MSDE database they might find a
way to mess-up the database that is online. I just don't want to take the
risk.
Also, is stored procedure encryption easily bypassed if I logon as a
database administrator?
Thanks.
If you don=B4t want Windows Authentication, disable it:
http://support.microsoft.com/default...;EN-US;q285097
INF: How to Change the Default Login Authentication Mode to SQL While
Installing SQL Server 2000 Desktop Engine by Using Windows Installer
<snip>
Another way to change the security mode after installation is to stop
SQL Server and set the appropriate registry key for your installation:
Default instance:
HKLM\Software\Microsoft\MSSqlserver\MSSqlServer\Lo ginMode
Named instance:
HKLM\Software\Microsoft\Microsoft SQL Server\Instance
Name\MSSQLServer\LoginMode
to 2 for mixed-mode or 1 for integrated. (Integrated is the default
setup for the SQL Server 2000 Data Engine.)
</snip>
-URL---
HTH, Jens Suessmeyer.
|||Hello,
I notice you have posted the same question in our SQLServer newsgroup,
which I have already responded. So please check my answer there and if you
need any further assistance on this particular issue, please reply to me in
that thread so I can follow up with you in time. Thanks.
Sophie Guo
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
================================================== ===
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
================================================== ===
This posting is provided "AS IS" with no warranties, and confers no rights.
|||hi Jens,
Jens wrote:
> If you dont want Windows Authentication, disable it:
actually you cant disable Windows Authentication... you can disable standard
SQL Server authentication as you described, but not the contrary...
Andrea Montanari (Microsoft MVP - SQL Server)
http://www.asql.biz/DbaMgr.shtmhttp://italy.mvps.org
DbaMgr2k ver 0.15.0 - DbaMgr ver 0.60.0
(my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
interface)
-- remove DMO to reply
|||You sure right, I misunderstood the op.
Thanks.
|||In message <3ot19pF794d7U1@.individual.net>, Andrea Montanari
<andrea.sqlDMO@.virgilio.it> writes
>hi Jens,
>Jens wrote:
>actually you cant disable Windows Authentication... you can disable standard
>SQL Server authentication as you described, but not the contrary...
Correct, however ... you can remove the "BUILTIN\..." Windows users
from the allowed Logins under Security tab to effectively disable the
Windows Users from logging into that instance.
Andrew D. Newbould E-Mail: newsgroups@.NOSPAMzadsoft.com
ZAD Software Systems Web : www.zadsoft.com
|||hi Andrew,
Andrew D. Newbould wrote:
> ...
> Correct, however ... you can remove the "BUILTIN\..." Windows users
> from the allowed Logins under Security tab to effectively disable the
> Windows Users from logging into that instance.
yes, of course, but this has a nasty side effect on MSDE instance, where the
Agent will no longer be able to start up, where you can not use Enterprise
Manager to set up the Win login(s) running the SQL Server and SQL Server
Agent..
until sp4, you could use the http://support.microsoft.com/kb/283811/en-us to
provide the appropriate permissions for that account, but sp4 chaged
something I'm still trying to figure out...
I'm still trying troubleshooting it..
I tryed "propagating" file permissions to all sub folders as described, as
long as assigning registry permissions as
HKLM\Software\Microsoft\MSSQLServer\Setup (READ)
HKLM\Software\Microsoft\MSSQLServer\MSSQLServer (FULL CONTROL)
for the account running SQL Server and
HKLM\Software\Microsoft\MSSQLServer\SQLSERVERAGENT (FULL CONTROL)
HKLM\SOFTWARE\Microsoft\MSSQLServer\Client\SuperSo cketNetLib\LastConnect
(FULL CONTROL)
HKLM\Software\Description\Microsoft\Rpc\UuidTempor aryData (FULL CONTROL)
HKLM\Software\Microsoft\MSSQLServer\Setup (READ)
HKLM\Software\ODBC\ODBC.INI (FULL CONTROL)
for the account running the Agent...
making those accounts member of the local sysadmins WinNT role
it seems to work, but I'm not completely confident about that...
feedback is welcome :D:D
but I definitevely hope kb article 283811 gets updated..
Andrea Montanari
http://www.asql.biz/DbaMgr.shtm
DbaMgr2k ver 0.15.0 - DbaMgr ver 0.60.0
(my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
interface)
-- remove DMO to reply