Create DTS packages is in the msdb database. You didn't indicate what database you're trying to give permissions.

If I remember right for SQL Server 2000, even if you're a DB_Owner...

Also, I would add that it's relately simple to audit for Windows group changes. This is even easier in 2008 AD and above with event forwarding. An organization is hopefully...

For the most part. The only exception I've suggested is with respect to user accounts that function as a "service account." However, I've run into cases recently where it would...

opc.three (10/3/2012)

---

I would agree with you if it were difficult to touch 200 instances. That's what CMS, multi-query windows and PowerShell are for. For the knowledge that no one can...

opc.three (10/3/2012)

---

K. Brian Kelley (10/3/2012)

---

opc.three (9/28/2012)

---

If I had to say one thing about Groups I would try to avoid adding Windows Group to the sysadmin Role. I do look to...

Is it just your system? Can others log on to the server just fine?

The reason I ask is that's a Microsoft.NET Framework error that's being thrown. There looks to be...

opc.three (9/28/2012)

---

I agree with that in theory. In my experience however, in practice, when a new person is brought into an environment the request usually looks a lot like this:

Jane...

Can you give an example of code not looking genuine? SELECT queries and execution of stored procedures would be hard to manipulate in this way as they don't fire DML...

Login triggers only fire when the developer first logs in. Therefore, if the developer is logging in and staying connected, this doesn't work for what you're trying to do.

Database-level DML...

Another option is if you have a backup of the database from before the change, you can restore that backup on a test server and examine what the permissions were.

While the best practice says that you should, realistically, there's not much to be gained. After all, the SQL Server Agent service has sysadmin rights into SQL Server. Since you...

First, let's accept the undeniable truth: you cannot prevent someone with sysadmin role membership from looking at the data.

Once you accept that, here's how to go about doing what...

If you can connect to ABC, when you execute

SELECT @@SERVERNAME;

what do you get? Do you get ABC or do you get ABC\SQLEXPRESS? If you get ABC, that's a different...

I would use BUILTIN\Users. NT Authority\Authenticated Users could include accounts local to the server that aren't in Users.

Best would be *Domain*\Domain Users if you're a single domain. This would ensure...

That reminds me, as a security person I hate the db_datareader and db_datawriter roles. They provide implicit permissions to tables and views. That means that I not only have to...