Permissions issue in accessing SQLExpress 2008
Posted Tuesday, August 28, 2012 10:18 AM
SSC Journeyman

Hello --

We have a Windows 7 64-bit distribution workstation running a SQLExpress 2008 database. There is one instance on the system and it comprises six databases. I have been tasked with setting up a backup solution, but I am having permissions issues accessing the databases.

The server is set up with mixed authentication, and when I initially log into the workstation, I am doing so as a local administrator. I can activate the Studio software, and view the databases in question. However, the local administrator has public level permissions, and cannot gain any other access to the databases. The sa account appears to be disabled on the system.

What makes this situation more puzzling is the fact that when the database server was initially installed, the following command syntax was used:

Setup.exe /q /ACTION=Install /FEATURES=SQLENGINE,SSMS,SDK /INSTANCENAME="SQLEXPRESS2008" /IAcceptSQLServerLicenseTerms="True" /SECURITYMODE="SQL" /SQLCOLLATION="SQL_Latin1_General_CP1_CS_AS" /SQLSVCACCOUNT="NT AUTHORITY\SYSTEM" /SAPWD=".<password>" /SQLSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS"


The sa account does have a password associated with it. During the initial login into the Studio, I switched from Mixed to SQL Authentication, and tried logging in as the sa account with the password. This attempt was not successful. Also, correct me if I am wrong, but the local administrator account should have sysadmin access by virtue of the switch /SQLSYSADMINACCOUNTS shown in the above quote.

Is there something that I am missing or forgot to do here?

Thanks.
Post #1351088
Posted Tuesday, August 28, 2012 10:36 AM


SSChampion

It's a somewhat common practice (not as common as it needs to be) to disable or reduce the permissions of builtin\admin post-installation. Is it possible someone did this? Perhaps the same person who disabled sa?

- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Post #1351105
Posted Tuesday, August 28, 2012 10:49 AM
SSC Journeyman

I have a call into the company that set up the system, so I will ask if what you suggested did occur. If that is not the case, what are my options here?
Post #1351117
Posted Tuesday, August 28, 2012 2:09 PM
SSC Journeyman

Hello --

The company got in touch with me, and its representatives confirmed the necessary accounts were indeed locked out of the system. The end result was the company rebuilding the database server from the ground up. Thanks for the help in any event.
Post #1351239
Posted Wednesday, August 29, 2012 7:20 AM


SSChampion

Yeah. It's one of those things that people read the headline, but not the details, then try to do it, and don't realize they're creating a worse problem than they're solving. Happens all the time.

- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Post #1351601
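
An added example, not part of the original thread or posted by anyone in it: a T-SQL pre-check for the lockout described above, to be run before disabling sa or removing BUILTIN\Administrators from sysadmin. It assumes the login names from the setup command quoted in the first post and treats per-service NT SERVICE accounts as not usable for administration.

```sql
-- Added example. Run as a sysadmin BEFORE disabling sa or removing
-- BUILTIN\Administrators from the sysadmin role.
SET NOCOUNT ON;

-- 1. Is the current session actually sysadmin? (1 = yes, 0 = no)
SELECT SUSER_SNAME()                AS current_login,
       IS_SRVROLEMEMBER('sysadmin') AS is_sysadmin;

-- 2. Every member of the sysadmin fixed server role and its state.
SELECT m.name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.is_disabled, m.name;

-- 3. Count the enabled sysadmin logins that would remain after the change.
DECLARE @remaining int;

SELECT @remaining = COUNT(*)
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
  AND m.is_disabled = 0
  AND m.sid  <> 0x01                        -- sa, even if it has been renamed
  AND m.name <> N'BUILTIN\Administrators'   -- group named in the setup command
  AND m.name <> N'NT AUTHORITY\SYSTEM'      -- service account in the setup command
  AND m.name NOT LIKE N'NT SERVICE\%';      -- assumption: not usable admin logins

IF @remaining = 0
    RAISERROR(N'No other enabled sysadmin login would remain; create and test one first.', 16, 1);
ELSE
    PRINT CONVERT(varchar(10), @remaining) + ' enabled sysadmin login(s) would remain.';
```

If step 3 raises the error, add a named Windows or SQL login to sysadmin and confirm it can connect before changing sa or the built-in group.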