December 8, 2008 at 7:02 am
Hi list,
I have a sql server login group obtained from AD. There are some users whom I do not want to be in the login group. How can I deny some individual group members login permission to SQL Server using SQL instead of making a change in AD?
I appreciate your hint.
Regards
Niyala
December 8, 2008 at 7:44 am
I've never done this, so I don't know if it works, and don't necessarily think it would be the best way to handle, but you could add the specific users to the server and explicitly DENY them connect to server rights or DISABLE the login. Like thi:s
CREATE LOGIN [Domain\UserName] FROM WINDOWS WITH DEFAULT_DATABASE=[master]
GO
DENY CONNECT SQL TO [LoginName]
Or
ALTER LOGIN [LoginName] DISABLE
I think the best way is to create a new AD group that you add the users that can connect to.
Jack Corbett
Consultant - Straight Path Solutions
Check out these links on how to get faster and more accurate answers:
Forum Etiquette: How to post data/code on a forum to get the best help
Need an Answer? Actually, No ... You Need a Question
December 8, 2008 at 9:32 am
I've done this exactly the way Jack describes and it does work. The "deny" for the individual overides the "permit" for the group.
Greg
December 8, 2008 at 9:47 am
Greg Charles (12/8/2008)
I've done this exactly the way Jack describes and it does work. The "deny" for the individual overides the "permit" for the group.
Good to hear
I have had DISABLED a domain login (Domain Admin), while that login is part of BUILTIN\Administrators, and the user couldn't log into the box either
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply