Administering SQL Security - Cannot see new local groups!

Administering SQL Security - Cannot see new local groups!

Post by David S Rubi » Wed, 19 Feb 1997 04:00:00



Part 1)

We are configuring a brand new server with fresh installation of all
software.  We have installed NTServ4.0 SP1 (not a PDC or BDC) and SQL6.5
SP2.  Our NT Networking Protocol is TCP/IP.  Our SQL Host Protocol is
Multi.  We are using Integrated Security Mode.

We worked at the console of the server.  Using UserMgr for Domains, we
created several new local groups, and pulled several Domain User IDs into
each.  We went into SQL Security Manager, went to the Grant Admin Privilege
screen and selected local groups.  The list showed all of NT's predefined
Local Groups (ie. Administators, Users, Backup Operators) but not our new
Local Groups (SQLAdmin, SQLUser).  I have seen pictures in various books
(including Books Online) showing that this can be done, but I must be
missing something.  Help!!!

One hunch - Do I have to reboot in order for the new groups to become
visible to services or applications?

Part 2)

Responsibility for security in our organization is divided - one group
handles domain security (New Users), and I am responsible for security on
this (and several future) SQL Server(s).  I anticipate the other group will
create new domain IDs, then I will add these IDs to the Local Groups
(SQLAdmin, SQLUser).

Question)  After the initial mapping of these Local Groups to SQL Security
(SQLAdmin --> Admin(sa), SQLUser --> Users), will the ongoing addition
(thru NT) of IDs to these groups result in the new IDs showing up in the
SQL Enterprise Manager 'Logins' list, from which I can grant database
privileges?

Thanks

 
 
 

Administering SQL Security - Cannot see new local groups!

Post by Bill Callawa » Sat, 22 Feb 1997 04:00:00


David ... a stand alone server (not a pdc or bdc) has it's own security
database (similar to an NT Workstation).  The local groups you see using
SQL Security Manager are from the stand alone server.  This is the reason
you could not see the domains local groups in SQL Security Manager.  Using
User Manager for Domains you will need to specify the server name for
domain (I think it may require the double backwack too "\\") in select
domain under the user menu item.  From here you can add users from the
domain into the servers local groups.



Quote:> Part 1)

> We are configuring a brand new server with fresh installation of all
> software.  We have installed NTServ4.0 SP1 (not a PDC or BDC) and SQL6.5
> SP2.  Our NT Networking Protocol is TCP/IP.  Our SQL Host Protocol is
> Multi.  We are using Integrated Security Mode.

> We worked at the console of the server.  Using UserMgr for Domains, we
> created several new local groups, and pulled several Domain User IDs into
> each.  We went into SQL Security Manager, went to the Grant Admin
Privilege
> screen and selected local groups.  The list showed all of NT's predefined
> Local Groups (ie. Administators, Users, Backup Operators) but not our new
> Local Groups (SQLAdmin, SQLUser).  I have seen pictures in various books
> (including Books Online) showing that this can be done, but I must be
> missing something.  Help!!!


 
 
 

1. Cannot connect to local sql server after new install

I have just installed sql2000 eval and am trying to
register a local server. My computer name is JAMESDELL
and thats what I want to call the instance of sql server.
I cannot get it started and am getting errors such as
sql server does not exist or access denied:Connection
Open etc etc

Whats going wrong ???

Many thanks for advice

James

2. Capacity Error

3. My new hostname cannot be seen from db2

4. DbCombo problem

5. security: NT local groups

6. Sql DTS

7. NT local group not showing up in Security Manager

8. RestoreDB

9. Remapping/Copying SQL Logins from NT Local Groups to Domain Global Groups

10. Other members in Admin Security Group Cannot View Server

11. SQL 7 Group Security and Predefined NT Groups

12. Oxfordshire, UK - new local delphi user group.

13. cannot connect to SQL Server thru ODBC, yet Enterprise mgr sees it