May 2, 2009 at 12:44 am
hi,
I'm using sqlserver2005, and i just want to deny access to the windows authentication mode. Is it possible to disable windows authentication.
thanks,
🙂
May 2, 2009 at 2:22 am
The only two options at the global level are Windows Authentication or Mixed Mode (Windows and SQL Server). Unfortunately there is no SQL Server only authentication.
If you have existing domain logins that you wish to prevent from accessing the server but cannot delete permanently, how about writing something to loop through the syslogins table extracting the names where they start with your domain name, and then run an alter login disable statement for that subset of logins.
May 2, 2009 at 3:54 pm
No, it's not possible.
But if you didn't grant Windows account access to MSSQL, you'll have only MSSQL logins working on the instance.
Ensure that BUILTIN\Administrator was removed too.
---------------------
Alex Rosa
http://www.keep-learning.com/blog
May 3, 2009 at 10:15 pm
Before choosing to remove BUILTIN\Administrator, please be aware that this is the default mechanism used by SQL Server to grant the local admin group SysAdmin privilege to SQL Server. If you remove "BUILTIN\Administrator", you might removed your own access.
If you choose to remove BUILTIN\Administrator, you need to make sure that either you know the SA password and/or your windows account has been granted SQL Server SysAdmin privilege directly or through another group.
May 3, 2009 at 10:25 pm
With SQL Server 6.5 you could work with SQL Server authentication only, but this feature was taken out when SQL Server 7 was released. Windows Authentication is regarded as more secure then SQL Server authentication, so it brings out the question – why would you want to work only with SQL Server authentication?
Adi
--------------------------------------------------------------
To know how to ask questions and increase the chances of getting asnwers:
http://www.sqlservercentral.com/articles/Best+Practices/61537/
For better answers on performance questions, click on the following...
http://www.sqlservercentral.com/articles/SQLServerCentral/66909/
May 4, 2009 at 6:49 am
Itz not possible.I think itz better u disable the windows login for that user in the machine.
[font="Comic Sans MS"]+++BLADE+++[/font]:cool:
May 4, 2009 at 7:11 am
Why would you need to disable domain authentication? Even though SQL authentication in 2005+ is encrypted, it is still a recommended practice to continue to use Windows Authentication.
May 4, 2009 at 9:54 am
happycat59 (5/3/2009)
Before choosing to remove BUILTIN\Administrator, please be aware that this is the default mechanism used by SQL Server to grant the local admin group SysAdmin privilege to SQL Server. If you remove "BUILTIN\Administrator", you might removed your own access.If you choose to remove BUILTIN\Administrator, you need to make sure that either you know the SA password and/or your windows account has been granted SQL Server SysAdmin privilege directly or through another group.
I'd be sure you have at least three secure and tested methods to connect to the SQL Server instance before you remove the BUILTIN\Administrator group from the instance.
May 4, 2009 at 10:35 am
Hi guys,
It's very important to test the sysadmin connections before remove the BUILTIN\Administrator group, but don't forget that since MSSQL 2005, we have an workaround if the SA password was lost:
Disaster Recovery: What to do when the SA account password is lost in SQL Server 2005
---------------------
Alex Rosa
http://www.keep-learning.com/blog
September 22, 2009 at 5:41 am
You can prevent connecting to the server through window authentication without deleting the BUILTIN\Administrators account.
This can be done in two steps:
1 Step: Remove the sysadmin server roles for the BUILTIN\Administrators.
2 Step: deny "permission to connect to the database engine"
Viewing 11 posts - 1 through 10 (of 10 total)
You must be logged in to reply to this topic. Login to reply