February 4, 2010 at 2:14 pm
Okay... it has been a long day, but here is the scoop.
New SQL Server 2005 Express install. Logins are as follows:
BUILTIN\Administrators
BUILTIN\Users
Local MSSQL User Group Created by SQL
NT Authority\System
4 additional SQL Server logins (including SA)
I have a domain account which is NOT a member of the local admin group, is NOT a local user on the server, and is not in the local MSSQL User group that was created. Yet this use can authenticate via Windows Authentication. Cannot et into the prod database, but can get into the system databases. I understand that access to the system databases is being handled via the GUEST user.
But, how in the world is the original authentication to the server even occurring?
Thanks!
February 4, 2010 at 2:54 pm
That is interesting, one shouldn't be able to login unless he/she belongs to a group
You could try removing permissions group by group and see (e.g. make those groups Public roles only)
BUILTIN\Administrators
BUILTIN\Users
Local MSSQL User Group Created by SQL
NT Authority\System
Are you sure he/she is not part of of a sub-group that's part of the above group?
February 4, 2010 at 3:17 pm
Check the group membership of any groups that have been added to the Administrators or Users groups on the server. There is probably a group that this person belongs to that has been added in the Users group.
Jeffrey Williams
“We are all faced with a series of great opportunities brilliantly disguised as impossible situations.”
― Charles R. Swindoll
How to post questions to get better answers faster
Managing Transaction Logs
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply