As part of our SOX checks we use a non-sysadmin account to read all user accounts in the database and look to see what server roles they have and also what database roles each user has on each database.
This worked fine in MSSQL 2000 but I'm having trouble in MSSQL 2005 listing all users using an account that doesn't have either securityadmin or sysadmin. Using a non-admin account I only see roles (db_owner, db_access_admin, db_security_admin, db_ddladmin, etc), public, sa, dbo, guest, INFORMATION_SCHEMA, sys, and the non-admin user doing the select. I don't see any windows-authenticated accounts nor any other database accounts.
I need to read both sys.server_principals and sys.database_principals using a non-privileged account and retrieve information about ALL accounts.
Does anyone have any suggestions how I can get this information?