<a href="http://g.adspeed.net/ad.php?do=clk&zid=15220&wd=468&ht=60&pair=as" target="_blank"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15220&wd=468&ht=60&pair=as" alt="i" width="468" height="60"/></a>
Log in
::
Register
::
Not logged in
Home
Tags
Articles
Editorials
Stairways
Forums
Scripts
Videos
Blogs
QotD
Books
Ask SSC
SQL Jobs
Training
Authors
About us
Contact us
Newsletters
Write for us
<a href="http://g.adspeed.net/ad.php?do=clk&zid=15491&wd=120&ht=300&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15491&wd=120&ht=300&pair=as" alt="i" width="120" height="300"/></a>
Recent Posts
Recent Posts
Popular Topics
Popular Topics
Home
Search
Members
Calendar
Who's On
Home
»
Article Discussions
»
Article Discussions by Author
»
Discuss content posted by Rudy Panigas
»
How to Connect to a SQL 2005 Server When You...
98 posts, Page 2 of 10
««
1
2
3
4
5
»
»»
How to Connect to a SQL 2005 Server When You Are Completely Locked Out
Rate Topic
Display Mode
Topic Options
Author
Message
Rudy Panigas
Rudy Panigas
Posted Tuesday, November 03, 2009 8:27 AM
Old Hand
Group: General Forum Members
Last Login: Yesterday @ 6:36 AM
Points: 306,
Visits: 1,015
Thank you John.
I wrote this article in case you have "no other way" to connect to the SQL server.
Rudy
Post #812966
pmal
pmal
Posted Tuesday, November 03, 2009 8:30 AM
Forum Newbie
Group: General Forum Members
Last Login: Friday, May 03, 2013 8:15 AM
Points: 4,
Visits: 47
einman33 (11/3/2009)
From the article:
The builtin\administrators account has been removed for security reasons
??
This happens if you don't want your outsourced IT Dept. seeing accounting data, such as payroll. SQL Server single user mode must use a separate set of permissions that, when active, allows anyone with local admin permissions rights to the data. So, the IT Dept. could still get into the data if they switched it to single user mode? Nice.
Post #812970
john.vanda
john.vanda
Posted Tuesday, November 03, 2009 8:31 AM
SSC Journeyman
Group: General Forum Members
Last Login: Wednesday, December 22, 2010 10:46 AM
Points: 88,
Visits: 181
einman33 (11/3/2009)
From the article:
The builtin\administrators account has been removed for security reasons
??
What is your question?
Post #812972
john.vanda
john.vanda
Posted Tuesday, November 03, 2009 8:32 AM
SSC Journeyman
Group: General Forum Members
Last Login: Wednesday, December 22, 2010 10:46 AM
Points: 88,
Visits: 181
This happens if you don't want your outsourced IT Dept. seeing accounting data, such as payroll. SQL Server single user mode must use a separate set of permissions that, when active, allows anyone with local admin permissions rights to the data. So, the IT Dept. could still get into the data if they switched it to single user mode? Nice.
I know, right. Very uncomfortable feeling knowing that the network team could still get in if they really wanted to.
Post #812973
pmal
pmal
Posted Tuesday, November 03, 2009 8:35 AM
Forum Newbie
Group: General Forum Members
Last Login: Friday, May 03, 2013 8:15 AM
Points: 4,
Visits: 47
john.vanda (11/3/2009)
This happens if you don't want your outsourced IT Dept. seeing accounting data, such as payroll. SQL Server single user mode must use a separate set of permissions that, when active, allows anyone with local admin permissions rights to the data. So, the IT Dept. could still get into the data if they switched it to single user mode? Nice.
I know, right. Very uncomfortable feeling knowing that the network team could still get in if they really wanted to.
Well, at least I learned something today that I never knew.
Post #812976
Rudy Panigas
Rudy Panigas
Posted Tuesday, November 03, 2009 8:37 AM
Old Hand
Group: General Forum Members
Last Login: Yesterday @ 6:36 AM
Points: 306,
Visits: 1,015
True, but the servers would have to be restarted in single user mode. Hopefully your monitoring systems would alert you that the server has been restarted. You should then review all logs server logs and sql server logs and question your staff as to who and why this server was started in single user mode. I would be getting the security department involved too.
Rudy
Post #812978
harriga.rabie-1008938
harriga.rabie-1008938
Posted Tuesday, November 03, 2009 8:39 AM
Grasshopper
Group: General Forum Members
Last Login: Monday, April 29, 2013 8:54 AM
Points: 10,
Visits: 251
this way is not exact, because when you type sqlcmd -E you will obtain à time out for sql connexion because your account dont existe in sys.logins.
In the case when you have a login , it is not necessary to stop sql service you can access anr execute query like (create bultin\administrators from windows).
The group bultin\administrators allows to system administratot to connect in sysadmin, the best practise is to change the role for this group to "public".
When you install sql server, sql server add news groups like sysadmin login, you can add yout account in this group in order to connect you on sql server.
I repeat, this article is not applied in sql server
Post #812979
harriga.rabie-1008938
harriga.rabie-1008938
Posted Tuesday, November 03, 2009 8:41 AM
Grasshopper
Group: General Forum Members
Last Login: Monday, April 29, 2013 8:54 AM
Points: 10,
Visits: 251
this way is not exact, because when you type sqlcmd -E you will obtain à time out for sql connexion because your account dont existe in sys.logins.
In the case when you have a login , it is not necessary to stop sql service you can access anr execute query like (create bultin\administrators from windows).
The group bultin\administrators allows to system administratot to connect in sysadmin, the best practise is to change the role for this group to "public".
When you install sql server, sql server add news groups like sysadmin login, you can add yout account in this group in order to connect you on sql server.
I repeat, this article is not applied in sql server
Post #812980
ALUN WILLIAMS
ALUN WILLIAMS
Posted Tuesday, November 03, 2009 8:41 AM
Grasshopper
Group: General Forum Members
Last Login: Today @ 3:53 AM
Points: 16,
Visits: 141
The main question (I think) is unanswered:
If you have removed BUILTIN\Administrators and all other administrative access to the SQL instance, how can you log into the SQL instance with administrative access?
Rudy - are you suggesting that by starting the instance in single user mode and using SQLCMD -E that the access can be bypassed? If so, that is news to me.
Post #812981
harriga.rabie-1008938
harriga.rabie-1008938
Posted Tuesday, November 03, 2009 8:42 AM
Grasshopper
Group: General Forum Members
Last Login: Monday, April 29, 2013 8:54 AM
Points: 10,
Visits: 251
this way is not exact, because when you type sqlcmd -E you will obtain à time out for sql connexion because your account dont existe in sys.logins.
In the case when you have a login , it is not necessary to stop sql service you can access anr execute query like (create bultin\administrators from windows).
The group bultin\administrators allows to system administratot to connect in sysadmin, the best practise is to change the role for this group to "public".
When you install sql server, sql server add news groups like sysadmin login, you can add yout account in this group in order to connect you on sql server.
I repeat, this article is not applied in sql server
Post #812984
« Prev Topic
|
Next Topic »
98 posts, Page 2 of 10
««
1
2
3
4
5
»
»»
Permissions
You
cannot
post new topics.
You
cannot
post topic replies.
You
cannot
post new polls.
You
cannot
post replies to polls.
You
cannot
edit your own topics.
You
cannot
delete your own topics.
You
cannot
edit other topics.
You
cannot
delete other topics.
You
cannot
edit your own posts.
You
cannot
edit other posts.
You
cannot
delete your own posts.
You
cannot
delete other posts.
You
cannot
post events.
You
cannot
edit your own events.
You
cannot
edit other events.
You
cannot
delete your own events.
You
cannot
delete other events.
You
cannot
send private messages.
You
cannot
send emails.
You
may
read topics.
You
cannot
rate topics.
You
cannot
vote within polls.
You
cannot
upload attachments.
You
may
download attachments.
You
cannot
post HTML code.
You
cannot
edit HTML code.
You
cannot
post IFCode.
You
cannot
post JavaScript.
You
cannot
post EmotIcons.
You
cannot
post or upload images.
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved.
Privacy Policy.
Terms of Use.
Report Abuse.
