Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

SQL admin account gone Expand / Collapse
Author
Message
Posted Friday, April 2, 2010 8:52 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Wednesday, January 26, 2011 2:09 AM
Points: 9, Visits: 69
Hi Guys,

today i see that someone in navision can delete some accounts on sql server using the Navision application.
We kinda solved it by giving me a user account in Navision, so when it is synchronizing accounts it will not delete my admin accounts on that server.

Well here is the question in this.. since people just deny they deleted it or made a mistake..
How can i still prove they actually made a mistake in this?

Any help in this will be greatly appreciated.
Post #895686
Posted Friday, April 2, 2010 9:27 AM


SSC-Insane

SSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-Insane

Group: General Forum Members
Last Login: Today @ 6:26 PM
Points: 20,732, Visits: 32,496
In SQL Server 2005 you can create DDL triggers that can capture such events and log them to a table for reporting, and possibly prevent it.

I'd suggest that you start by reading up about DDL triggers in Books Online.



Lynn Pettis

For better assistance in answering your questions, click here
For tips to get better help with Performance Problems, click here
For Running Totals and its variations, click here or when working with partitioned tables
For more about Tally Tables, click here
For more about Cross Tabs and Pivots, click here and here
Managing Transaction Logs

SQL Musings from the Desert Fountain Valley SQL (My Mirror Blog)
Post #895737
Posted Friday, April 2, 2010 9:37 AM


SSC Eights!

SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!SSC Eights!

Group: General Forum Members
Last Login: Today @ 9:33 AM
Points: 908, Visits: 2,580
I supported Navision 4.x years back and it contained a Change Log table that if enabled would log just about everything a user did in Navision. If that account showed within Navisions "user list" I believe it would log if deleted. I used this many times on users that stated "I did not do it".

Another place to check for Navision things is mibuso.com. I got a good bit of information out of this forum. You can also try a script someone published from that site for audit purposes as well: http://www.mibuso.com/dlinfo.asp?FileID=351


Shawn Melton
PS C:\>(Find-Me).TwitterURL
@wsmelton
PS C:\>(Find-Me).BlogURL
meltondba.wordpress.com
Post #895754
Posted Friday, April 2, 2010 9:40 AM


SSC-Dedicated

SSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-DedicatedSSC-Dedicated

Group: Administrators
Last Login: Today @ 4:56 PM
Points: 31,168, Visits: 15,612
There's also the default trace in SQL Server. I'd think it would log a drop of a user. I see a security event if I add one and then drop one

Here's a basic guide: http://www.sqlservercentral.com/articles/SQL+Server+2005/64547/







Follow me on Twitter: @way0utwest

Forum Etiquette: How to post data/code on a forum to get the best help
Post #895760
Posted Sunday, April 4, 2010 8:26 AM


SSCertifiable

SSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiableSSCertifiable

Group: General Forum Members
Last Login: Today @ 2:09 PM
Points: 6,465, Visits: 13,918
its worth pointing out that if the deleted account is not spotted straight away, the default trace may not be helpful. Depending how busy the server is as to how quickly the trace files cycle and the data becomes lost.

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs"
Post #896414
Posted Monday, April 5, 2010 5:02 PM


SSCoach

SSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoach

Group: General Forum Members
Last Login: Today @ 4:50 PM
Points: 17,807, Visits: 15,727
I would go with the DDL triggers and audit the database in that regard. This would help ensure that the pertinent action is recorded.



Jason AKA CirqueDeSQLeil
I have given a name to my pain...
MCM SQL Server, MVP


SQL RNNR

Posting Performance Based Questions - Gail Shaw
Post #897132
Posted Thursday, April 8, 2010 1:03 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Wednesday, January 26, 2011 2:09 AM
Points: 9, Visits: 69
Well it seems i found the trace at last were i found the evidence.

Ofcourse the dear collegue was still in denal.
But what can you do about that.
Good thing everyone else knows it.
Post #899313
Posted Thursday, April 8, 2010 5:48 AM


SSCrazy

SSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazySSCrazy

Group: General Forum Members
Last Login: Monday, October 6, 2014 5:46 AM
Points: 2,840, Visits: 3,969
r.rozeboom (4/8/2010)
Well it seems i found the trace at last were i found the evidence.
its better to keep A DDL trigger just for future prospect.


-------Bhuvnesh----------
I work only to learn Sql Server...though my company pays me for getting their stuff done
Post #899437
Posted Thursday, April 8, 2010 5:52 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Wednesday, January 26, 2011 2:09 AM
Points: 9, Visits: 69
Oh don't worry its on now all the time..

you never know someone has a thing for deleting something useful.
Post #899440
Posted Thursday, April 8, 2010 10:05 AM


SSCoach

SSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoachSSCoach

Group: General Forum Members
Last Login: Today @ 4:50 PM
Points: 17,807, Visits: 15,727
r.rozeboom (4/8/2010)
Well it seems i found the trace at last were i found the evidence.

Ofcourse the dear collegue was still in denal.
But what can you do about that.
Good thing everyone else knows it.



That is good to know. Thanks for the feedback.




Jason AKA CirqueDeSQLeil
I have given a name to my pain...
MCM SQL Server, MVP


SQL RNNR

Posting Performance Based Questions - Gail Shaw
Post #899736
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse