SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


SQL admin account gone


SQL admin account gone

Author
Message
r.rozeboom
r.rozeboom
Valued Member
Valued Member (53 reputation)Valued Member (53 reputation)Valued Member (53 reputation)Valued Member (53 reputation)Valued Member (53 reputation)Valued Member (53 reputation)Valued Member (53 reputation)Valued Member (53 reputation)

Group: General Forum Members
Points: 53 Visits: 69
Hi Guys,

today i see that someone in navision can delete some accounts on sql server using the Navision application.
We kinda solved it by giving me a user account in Navision, so when it is synchronizing accounts it will not delete my admin accounts on that server.

Well here is the question in this.. since people just deny they deleted it or made a mistake..
How can i still prove they actually made a mistake in this?

Any help in this will be greatly appreciated.
Lynn Pettis
Lynn Pettis
SSC Guru
SSC Guru (168K reputation)SSC Guru (168K reputation)SSC Guru (168K reputation)SSC Guru (168K reputation)SSC Guru (168K reputation)SSC Guru (168K reputation)SSC Guru (168K reputation)SSC Guru (168K reputation)

Group: General Forum Members
Points: 168485 Visits: 39529
In SQL Server 2005 you can create DDL triggers that can capture such events and log them to a table for reporting, and possibly prevent it.

I'd suggest that you start by reading up about DDL triggers in Books Online.

Cool
Lynn Pettis

For better assistance in answering your questions, click here
For tips to get better help with Performance Problems, click here
For Running Totals and its variations, click here or when working with partitioned tables
For more about Tally Tables, click here
For more about Cross Tabs and Pivots, click here and here
Managing Transaction Logs

SQL Musings from the Desert Fountain Valley SQL (My Mirror Blog)
Shawn Melton
Shawn Melton
SSChampion
SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)SSChampion (10K reputation)

Group: General Forum Members
Points: 10590 Visits: 3570
I supported Navision 4.x years back and it contained a Change Log table that if enabled would log just about everything a user did in Navision. If that account showed within Navisions "user list" I believe it would log if deleted. I used this many times on users that stated "I did not do it".

Another place to check for Navision things is mibuso.com. I got a good bit of information out of this forum. You can also try a script someone published from that site for audit purposes as well: http://www.mibuso.com/dlinfo.asp?FileID=351

Shawn Melton
Twitter: @wsmelton
Blog: blog.wsmelton.info
Steve Jones
Steve Jones
SSC Guru
SSC Guru (250K reputation)SSC Guru (250K reputation)SSC Guru (250K reputation)SSC Guru (250K reputation)SSC Guru (250K reputation)SSC Guru (250K reputation)SSC Guru (250K reputation)SSC Guru (250K reputation)

Group: Administrators
Points: 250100 Visits: 19813
There's also the default trace in SQL Server. I'd think it would log a drop of a user. I see a security event if I add one and then drop one

Here's a basic guide: http://www.sqlservercentral.com/articles/SQL+Server+2005/64547/

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Perry Whittle
Perry Whittle
SSC Guru
SSC Guru (103K reputation)SSC Guru (103K reputation)SSC Guru (103K reputation)SSC Guru (103K reputation)SSC Guru (103K reputation)SSC Guru (103K reputation)SSC Guru (103K reputation)SSC Guru (103K reputation)

Group: General Forum Members
Points: 103874 Visits: 18004
its worth pointing out that if the deleted account is not spotted straight away, the default trace may not be helpful. Depending how busy the server is as to how quickly the trace files cycle and the data becomes lost. ;-)

-----------------------------------------------------------------------------------------------------------

"Ya can't make an omelette without breaking just a few eggs" ;-)
SQLRNNR
SQLRNNR
SSC Guru
SSC Guru (111K reputation)SSC Guru (111K reputation)SSC Guru (111K reputation)SSC Guru (111K reputation)SSC Guru (111K reputation)SSC Guru (111K reputation)SSC Guru (111K reputation)SSC Guru (111K reputation)

Group: General Forum Members
Points: 111624 Visits: 18624
I would go with the DDL triggers and audit the database in that regard. This would help ensure that the pertinent action is recorded.



Jason AKA CirqueDeSQLeil
I have given a name to my pain...
MCM SQL Server, MVP


SQL RNNR

Posting Performance Based Questions - Gail Shaw

r.rozeboom
r.rozeboom
Valued Member
Valued Member (53 reputation)Valued Member (53 reputation)Valued Member (53 reputation)Valued Member (53 reputation)Valued Member (53 reputation)Valued Member (53 reputation)Valued Member (53 reputation)Valued Member (53 reputation)

Group: General Forum Members
Points: 53 Visits: 69
Well it seems i found the trace at last were i found the evidence.

Ofcourse the dear collegue was still in denal.
But what can you do about that.
Good thing everyone else knows it.
Bhuvnesh
Bhuvnesh
SSC-Insane
SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)

Group: General Forum Members
Points: 24212 Visits: 4079
r.rozeboom (4/8/2010)
Well it seems i found the trace at last were i found the evidence.
its better to keep A DDL trigger just for future prospect.

-------Bhuvnesh----------
I work only to learn Sql Server...though my company pays me for getting their stuff done;-)
r.rozeboom
r.rozeboom
Valued Member
Valued Member (53 reputation)Valued Member (53 reputation)Valued Member (53 reputation)Valued Member (53 reputation)Valued Member (53 reputation)Valued Member (53 reputation)Valued Member (53 reputation)Valued Member (53 reputation)

Group: General Forum Members
Points: 53 Visits: 69
Oh don't worry its on now all the time..

you never know someone has a thing for deleting something useful.
SQLRNNR
SQLRNNR
SSC Guru
SSC Guru (111K reputation)SSC Guru (111K reputation)SSC Guru (111K reputation)SSC Guru (111K reputation)SSC Guru (111K reputation)SSC Guru (111K reputation)SSC Guru (111K reputation)SSC Guru (111K reputation)

Group: General Forum Members
Points: 111624 Visits: 18624
r.rozeboom (4/8/2010)
Well it seems i found the trace at last were i found the evidence.

Ofcourse the dear collegue was still in denal.
But what can you do about that.
Good thing everyone else knows it.



That is good to know. Thanks for the feedback.



Jason AKA CirqueDeSQLeil
I have given a name to my pain...
MCM SQL Server, MVP


SQL RNNR

Posting Performance Based Questions - Gail Shaw

Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum







































































































































































SQLServerCentral


Search