SQL Clone
SQLServerCentral is supported by Redgate
 
Log in  ::  Register  ::  Not logged in
 
 
 


Permissions issue in accessing SQLExpress 2008


Permissions issue in accessing SQLExpress 2008

Author
Message
kaplan71
kaplan71
Old Hand
Old Hand (322 reputation)Old Hand (322 reputation)Old Hand (322 reputation)Old Hand (322 reputation)Old Hand (322 reputation)Old Hand (322 reputation)Old Hand (322 reputation)Old Hand (322 reputation)

Group: General Forum Members
Points: 322 Visits: 329
Hello --

We have a Windows 7 64-bit distribution workstation running a SQLExpress 2008 database. There is one instance on the system and it comprises of six databases. I have been tasked with setting up a backup solution, but I am having permissions issues accessing the databases.

The server is set up with mixed authentication, and when I initially log into the workstation, I am doing so as a local administrator. I can activate the Studio software, and view the databases in question. However, the local administrator has public level permissions, and cannot gain any other access to the databases. The sa account appears to be disabled on the system.

What makes this situation more puzzling, is the fact that when the database server was initially installed, the following command syntax was used:

Setup.exe /q /ACTION=Install /FEATURES=SQLENGINE,SSMS,SDK /INSTANCENAME="SQLEXPRESS2008" /IAcceptSQLServerLicenseTerms="True" /SECURITYMODE="SQL" /SQLCOLLATION="SQL_Latin1_General_CP1_CS_AS" /SQLSVCACCOUNT="NT AUTHORITY\SYSTEM" /SAPWD=".<password>" /SQLSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS"


The sa account does have a password associated with it. During the initial login into the Studio, I switched from Mixed to SQL Authentication, and tried logging in as the sa account with the password. This attempt was not successful. Also, correct me if I am wrong, the local administrator account should have sysadmin access by virtue of the switch /SQLSYSADMINACCOUNTS shown in the above quote.

Is there something that I am missing or forgot to do here?

Thanks.
GSquared
GSquared
SSC-Insane
SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)

Group: General Forum Members
Points: 24619 Visits: 9730
It's a somewhat common practice (not as common as it needs to be) to disable or reduce the permissions of builtin\admin post-installation. Is it possible someone did this? Perhaps the same person who disabled sa?

- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
kaplan71
kaplan71
Old Hand
Old Hand (322 reputation)Old Hand (322 reputation)Old Hand (322 reputation)Old Hand (322 reputation)Old Hand (322 reputation)Old Hand (322 reputation)Old Hand (322 reputation)Old Hand (322 reputation)

Group: General Forum Members
Points: 322 Visits: 329
I have a call into the company that set up the system, so I will ask if what you suggested did occur. If that is not the case, what are my options here?
kaplan71
kaplan71
Old Hand
Old Hand (322 reputation)Old Hand (322 reputation)Old Hand (322 reputation)Old Hand (322 reputation)Old Hand (322 reputation)Old Hand (322 reputation)Old Hand (322 reputation)Old Hand (322 reputation)

Group: General Forum Members
Points: 322 Visits: 329
Hello --

The company got in touch with me, and its representatives confirmed the necessary accounts were indeed locked out of the system. The end result was the company rebuilding the database server from the ground up. Thanks for the help in any event.
GSquared
GSquared
SSC-Insane
SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)SSC-Insane (24K reputation)

Group: General Forum Members
Points: 24619 Visits: 9730
Yeah. It's one of those things that people read the headline, but not the details, then try to do it, and don't realize they're creating a worse problem than they're solving. Happens all the time.

- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread

"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Go


Permissions

You can't post new topics.
You can't post topic replies.
You can't post new polls.
You can't post replies to polls.
You can't edit your own topics.
You can't delete your own topics.
You can't edit other topics.
You can't delete other topics.
You can't edit your own posts.
You can't edit other posts.
You can't delete your own posts.
You can't delete other posts.
You can't post events.
You can't edit your own events.
You can't edit other events.
You can't delete your own events.
You can't delete other events.
You can't send private messages.
You can't send emails.
You can read topics.
You can't vote in polls.
You can't upload attachments.
You can download attachments.
You can't post HTML code.
You can't edit HTML code.
You can't post IFCode.
You can't post JavaScript.
You can post emoticons.
You can't post or upload images.

Select a forum

































































































































































SQLServerCentral


Search