February 4, 2009 at 1:12 pm
Is this possible...? I have an domain ID that is active in a DB (SysUsers) but not active in SysLogins. But, the ID can login. The domain acct is not a member of any group that is currently on the server (syslogins).....
February 4, 2009 at 1:58 pm
How about a member of a domain group that has been given login rights? Or a member of BUILTIN\Administrators (the local Administrators group on the server) if that hasn't been removed?
K. Brian Kelley
@kbriankelley
February 4, 2009 at 2:02 pm
K. Brian Kelley (2/4/2009)
How about a member of a domain group that has been given login rights? Or a member of BUILTIN\Administrators (the local Administrators group on the server) if that hasn't been removed?
Nope. Not a member of any groups(or nested) that have rights. No builtin...
February 4, 2009 at 2:18 pm
If you run
EXEC xp_logininfo 'Domain\User', 'all'
what do you get?
K. Brian Kelley
@kbriankelley
February 4, 2009 at 2:22 pm
The permission path is pointing to "domain\domain users''.....
February 4, 2009 at 2:26 pm
also, i do not see that login or group members in that group
February 4, 2009 at 3:01 pm
Actually...here is what I found.. Which, brings up another Q!!
So, the ID path is thru "Domain\DomainUsers" and it has ability to login to the server, but no DBs.
Sooo, here is my Q!
*edit*cleanup of the q 🙂 *
AN ID is a member of domain group ABC and the Domain Users group. Now, ABC has access into the a Database with Active Dir group ABC. Domain users ONLY has a server login; no right to dbs
SO!, now, the group ABC is dropped from the server but it's left orphaned on the ABC Database.
So, now technically, the ID can login to the server thru the domain users group(and technically end there w/ that security path). BUT, will the ID now have privs into the DATABASE since the ABC group still is active (but orphaned on the server).
So, the overall question, is can a login use different paths in regards to what it logs into w/ on the server vs what it can use on the DB itself.
:o\
Viewing 7 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply