Viewing 15 posts - 3,061 through 3,075 (of 6,104 total)
I wrote about this for my GSEC practical. You can find it in the SANS Reading Room:
SQL Server 2000: Permissions on System Tables Granted to Logins...
K. Brian Kelley
@kbriankelley
April 6, 2005 at 9:40 am
D is correct and your reasoning is sound. Permissions in SQL Server are actually at the column level. Therefore, when the DENY is run blocking access to Salary and BonusPercentage,...
K. Brian Kelley
@kbriankelley
April 5, 2005 at 7:17 am
As with the other exam-ish question you posted... if you had to pick an answer (A or D), which one would you pick, and why? If you are confused between...
K. Brian Kelley
@kbriankelley
April 4, 2005 at 2:12 pm
April 4, 2005 at 10:52 am
Go, Yankees! Okay, I know I'm asking for it, but I've been a fan of the team ever since I saw Don Mattingly play for the first time.
K. Brian Kelley
@kbriankelley
April 4, 2005 at 9:10 am
Anyone with sysadmin rights can do this... meaning you if you are the user with such rights. You have to handle this through Enterprise Manager unless you want to go...
K. Brian Kelley
@kbriankelley
April 4, 2005 at 9:08 am
So as not to turn this into a braindump, let's take the following approach: you tell us what answer you would have chosen and why. The key point is to...
K. Brian Kelley
@kbriankelley
April 3, 2005 at 9:39 pm
Please do not cross-post. See reply here:
http://www.sqlservercentral.com/forums/shwmessage.aspx?forumid=10&messageid=171721
K. Brian Kelley
@kbriankelley
April 3, 2005 at 9:38 pm
Congrats, Jeremy! on being published!
K. Brian Kelley
@kbriankelley
April 2, 2005 at 6:52 am
Yup. Try removing and readding from the domain. Perhaps the computer account is corrupt (though you should see this in the DC event logs). Any case, make sure you know...
K. Brian Kelley
@kbriankelley
March 31, 2005 at 11:09 pm
Sounds highly unusual. Same thing occur say if you try and add the user or group to the Users group for the local server (say through Computer Management, not in...
K. Brian Kelley
@kbriankelley
March 31, 2005 at 10:26 pm
Yes, using 3 part naming conventions. This assumes the user has the ability to access the tables in the multiple databases.
For instance:
<database>.<owner>.<object name>
Like the following:
SELECT *
FROM Northwind.dbo.Orders
Or, if multiple tables...
K. Brian Kelley
@kbriankelley
March 31, 2005 at 10:24 pm
Or... you can turn on URI-query on under extended properties for w3svc logging (IIS) and then parse the IIS logs. This may be more advantageous if you've got webstats software...
K. Brian Kelley
@kbriankelley
March 31, 2005 at 10:21 pm
In all seriousness, this has been banted around a few times. Would be nice to see.
K. Brian Kelley
@kbriankelley
March 31, 2005 at 10:03 pm
Is there anything different in AD between the groups you are able to add and the ones you aren't? Different OUs, different permissions on the object, etc.? Any audit failure...
K. Brian Kelley
@kbriankelley
March 31, 2005 at 9:59 pm
Viewing 15 posts - 3,061 through 3,075 (of 6,104 total)