A script to reveal which logins have access to your sql server via windows groups.
If you use Windows Authentication and have Windows groups as logins this script can help.
It reveals members of Windows groups and their Server permissions.
This is particularly handy if you're not the network administrator or dont have access to the Active Directory tools.
Hope it helps someone...
r
Richard Doering
/*
Script : SQL Server - Windows Group Membership Checker
Version : 1.0 (August 2010)
Author : Richard Doering
Web : http://sqlsolace.blogspot.com
*/
DECLARE @CurrentRow INT
DECLARE @TotalRows INT
SET @CurrentRow = 1
DECLARE @SqlGroupMembership TABLE(
ACCOUNT_NAME SYSNAME,
ACCOUNT_TYPE VARCHAR(30),
ACCOUNT_PRIVILEGE VARCHAR(30),
MAPPED_LOGIN_NAME SYSNAME,
PERMISSION_PATH SYSNAME
)
DECLARE @WindowsGroupsOnServer TABLE(
UniqueRowID int IDENTITY (1, 1) Primary key NOT NULL
, NameSYSNAME
)
INSERT INTO @WindowsGroupsOnServer (NAME)
SELECT [NAME] FROM master.sys.server_principals WHERE TYPE = 'G'
SELECT @TotalRows = MAX(UniqueRowID) FROM @WindowsGroupsOnServer
DECLARE @WindowsGroupName sysname
-- Loop Each Windows Group present on the server
WHILE @CurrentRow <= @TotalRows
BEGIN
SELECT @WindowsGroupName = [Name]
FROM @WindowsGroupsOnServer
WHERE UniqueRowID = @CurrentRow
BEGIN TRY
-- Insert found logins into table variable
INSERT INTO @SqlGroupMembership (ACCOUNT_NAME,ACCOUNT_TYPE,ACCOUNT_PRIVILEGE,MAPPED_LOGIN_NAME,PERMISSION_PATH)
EXEC xp_logininfo @WindowsGroupName , 'members'
END TRY
BEGIN CATCH
-- No action for if xp_logininfo fails
END CATCH
SELECT @CurrentRow = @CurrentRow + 1
END
-- Display final results
SELECT @@servername AS Servername
, [PERMISSION_PATH] AS WindowsGroup
, Account_Name
, Mapped_Login_Name
, Account_Type
, Account_Privilege
FROM @SqlGroupMembership ORDER BY [PERMISSION_PATH], [ACCOUNT_NAME] 
Many times developers want to put logic into their code or SSIS/DTS package to check the SQL Server authentication mode. How can this be done programmatically?
2011-01-03
5,211 reads
I have been tasked with auditing security on my SQL Server. However, this needs to be a somewhat automated process as I don't want to have to rely on taking screenshots every month to satisfy our auditors. What tables and/or views should I be using and what's the best way to extract the information out of them?
2010-08-25
3,618 reads
If your company needs to go through a SOX (Sarbanes–Oxley) audit or any security audit, the DBA has to provide security information to them. If you have purchased third party tools to provide this information that is great. If you don't have third party tools and need to go through many servers to provide this information it can be a hassle and very time consuming. So I put together a script to generate a report that I could just review. The script generates a report of all elevated level accounts and any possible security holes.
2009-11-20
3,602 reads
The first of this three part series on SQL Server Security Auditing focuses on the SQL Server itself and addressing any of its security vulnerabilities.
2009-08-26
3,129 reads
I re-cycle my SQL Server log every night using sp_cycle_errorlog. However, before I do, I would like to capture all of the failed logins recorded. I have auditing turned on for failed logins, but I want to make sure that I capture those events into a table so I can report on. How can I do this?
2009-05-28
3,095 reads