The issue here with IS_MEMBER() is you have to try each group in turn. This is why I say ADUC (Active Directory Users and Computers or a command-line tool like...

For SQL Server 2005, see this article:

Books Online: Moving System Databases

It might be simpler to use cross-database ownership chaining. I'm assuming all objects are in the dbo schema for both DBs.

- db1 and db3 have the same owner (doesn't matter...

hanrahan_tim (12/7/2011)

---

1. When setting up a new SQL instance it seems that going with windows integrated is the best practice, only using SQL logins if absolutely required for legacy apps,...

Is the user activating an app role in a database which causes them to lose their original security context?

There shouldn't be a need to check PCs. It's an automated attack on the web hitting vulnerable web sites running ASP or ColdFusion using SQL Server as a back-end.

As to...

The most likely scenario is something or some process (if you have something automated... SQL Server doesn't have anything like this) dropped the role. Without prior auditing, it may be...

Either use SQLCMD or, if you're using SSMS, connect using File | Database Engine Query.

anthony.green (12/6/2011)

---

you could create a role, put the users in the role, grant the access needed to that role, that way you can add and remove users as you wish...

Just so long as folks are aware...

If your laptop happens to be where it can run the domain account they use (highly unlikely), you would use the RunAs option (right-click on SQL Server Management Studio) and...

The best practice is to specifically add the service accounts. It is also recommended to avoid DENY wherever possible. Therefore, push back and refuse the group.

Is it consistently the same SQL Server login? Is there anything special about that login? For instance, is it the owner of the app role?

Without encryption, if I can get your .mdf and .ldf (and any .ndf files) for a given database, then I can attach the database as long as I have the...

This question comes up a lot and there's no easy way (or supported way) to do this. If you revoke VIEW ANY DATABASE from public, then the users in questions...