This is prior to SQL Server 2005. With SQL Server 2005 the login packets are encrypted. If SQL Server doesn't have an issued certificate, it'll use a self-signed certificate.

And while...

WILLIAM MITCHELL (2/6/2009)

---

Yes, the application determines what they can do, based on their Windows ID. If we had used a Windows service account then we could not distinguish who the...

But you've said the application was already determining what they could and couldn't do, right? If that's the case, you're relying on the app to enforce security. But you're already...

If they are an administrator on the system, you really can't stop them. You could deploy EFS, but then you've got to decide on the key escrow situation. You'll also...

WILLIAM MITCHELL (2/6/2009)

---

One downside of using Windows authentication is that a user could create an Excel, Word, or Access file that connects via ODBC directly to the database. That is...

It will install on 32-bit. The main limitation is the amount of memory that can be used. Therefore, with current hardware being both 32 and 64-bit capable, I'm not sure...

What rights does the public role have?

Is it a member of db_datareader and db_datawriter?

Is it a member of db_owner?

Does it have rights at the schema or database level?

The REVOKE syntax...

How about the biggest one: single source for all security management is Active Directory? If you've given access via Windows groups, a Directory Services administrator adds the user to the...

If you run

EXEC xp_logininfo 'Domain\User', 'all'

what do you get?

I believe the Audit object only records the exact SQL statement. I would have to test more to be sure.

Yes, it's possible. After all, SQL Server decrypts it (it has to in order to be able to execute). However, the answer to your question is not something that's appropriate...

Yes, a Windows account can be a member of multiple security groups. Yes, Windows security groups can nest within Active Directory. To be honest, as a former directory services administrator,...

How about a member of a domain group that has been given login rights? Or a member of BUILTIN\Administrators (the local Administrators group on the server) if that hasn't been...

If it's a named instance, then by default it does dynamic port allocation. When SQL Server starts up, if something is listening on that port, it'll choose a different one....

Was it a named instance?