January 21, 2019 at 9:44 am
Hi,
Does anybody know of a way to prevent logon triggers from been created or from firing? We had a user create a logon trigger (thankfully on a test server) which as expected prevented all users from connecting to SQL. The issue was fixed by using a DAC connection and disabling the trigger but I was wondering if there was anything more proactive we could do to prevent this from happening.
I was looking at advanced options and Policies but can't find anything out of the box that we can use.
Thanks
January 21, 2019 at 11:28 am
onettleton - Monday, January 21, 2019 9:44 AMHi,
Does anybody know of a way to prevent logon triggers from been created or from firing? We had a user create a logon trigger (thankfully on a test server) which as expected prevented all users from connecting to SQL. The issue was fixed by using a DAC connection and disabling the trigger but I was wondering if there was anything more proactive we could do to prevent this from happening.
I was looking at advanced options and Policies but can't find anything out of the box that we can use.
Thanks
Things like that are generally managed with permissions. Seems like that user has more permissions than needed - especially when you look at the results of what they did.
A user needs control server permissions for logon triggers. Or a sysadmin.
If the user(s) is a sysadmin, you can't deny permissions. And you likely have a problem to address even when in non-production environments.
Sue
January 21, 2019 at 11:47 am
I agree with Sue. You need to fix the permissions on the users of those machines so that can't do such a thing.
--Jeff Moden
Change is inevitable... Change for the better is not.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply