March 18, 2003 at 12:23 pm
First of all, we are NOT running Active Directory. I have an application that connects to the DB using NT authentication. Rights have been set up in the server for that NT group that allow them to touch only objects related to the application. My problem is setting up the connectivity between linked servers. I would like to maintain the rights on the linked servers just like on the master server. Without active directory running, you can't use NT authentication between linked servers. Any ideas?
-Dan
-Dan
March 18, 2003 at 12:32 pm
Unfortunately, with the double-hopping ruled out by design, no. One of the two connections is going to have to be SQL Server login-based.
Going away from linked server, an idea might be to replicate the data to the master server, if that's possible (space, architecture, etc.)?
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley
March 18, 2003 at 1:56 pm
Would it then be recommended to create a SQL Server user with the same exact rights as the NT Group. Then use that SQL Server user only for connecting between linked servers?
Another issue I'm facing is that System Administrators still need to be able to access linked servers with full control, I guess I could map the BUILTIN administrator NT group to "sa" on the remote/linked servers?
-Dan
Edited by - dj_meier on 03/18/2003 1:57:10 PM
-Dan
March 18, 2003 at 4:08 pm
Yes, creating a SQL Server user with the exact same rights would work.
As for mapping as sa, I dunno if that's such a good idea. If you have a DBA group, that's a possibility, but I wouldn't blanket BUILTIN\Administrators in such a manner.
In any case, you only want rights are necessary and no more, and if you're coming across a linked server connection, I'd limit it to whatever the app needs and that's it.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley
March 18, 2003 at 5:12 pm
Thanks for the insight Brian.
-Dan
-Dan
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply