Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase ««12

how to disable windows authentication in sql server 2005 Active active cluster Expand / Collapse
Author
Message
Posted Thursday, November 26, 2009 4:06 AM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Thursday, November 20, 2014 10:44 AM
Points: 1,202, Visits: 1,943
Thanx to those who has answered,

Ok Can u just help to prevent windows authentication or windows users disable on the cluster , from AD or from Local windows server Group from anywhere???


Thanks

Post #825141
Posted Thursday, November 26, 2009 6:22 AM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Tuesday, March 4, 2014 10:03 AM
Points: 1,096, Visits: 1,334
Huh?

Please re-phrase your question as it made no sence.


Adam Zacks

-------------------------------------------

Be Nice, Or Leave
Post #825197
Posted Thursday, November 26, 2009 2:45 PM
SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Yesterday @ 2:25 PM
Points: 2,113, Visits: 877
The account under which the SQL Server service is running on a cluster must be a domain (Windows) account and that account needs SysAdmin rights within SQL Server.

The account under which the Cluster service is running must also be a domain account and must be able to connect to the server. It does not need any specific rights except the public role against the master database (or maybe whatever it's default database is, although I've never tried changing that).

These accounts must be domain accounts. You can tie them down fairly well by using a Windows policy to prevent them being able to log on locally.

Once you've got these accounts set up you can drop all other domain/local Windows accounts if you really want to: the first one we drop is BUILTIN/Administrators.

Note that using Windows authentication is the recommended model in every best practice article I can remember reading, and that is especially so in pre-SQL2k8 versions where the password management of SQL Server accounts is almost impossible to force into regulatory-compliant policies except through external controls.

As the other responders have said, you should be absolutely certain what it is that you're trying to achieve before making any changes, and test them elsewhere before implementing them on your production system.
Post #825371
Posted Thursday, November 26, 2009 10:34 PM


Ten Centuries

Ten CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen CenturiesTen Centuries

Group: General Forum Members
Last Login: Thursday, November 20, 2014 10:44 AM
Points: 1,202, Visits: 1,943
OK on suggestion of all u I will not do any thing...

Thanks

Post #825453
« Prev Topic | Next Topic »

Add to briefcase ««12

Permissions Expand / Collapse