Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
silas2
Yak Posting Veteran
65 Posts |
Posted - 2005-08-26 : 10:13:20
|
| In the scenario where you are installing MSDE/SQL Server at a customer site (not your own) is this true:Assuming the customer has a (Windows) login with admin rights (or is a member of the admins group) over the PC which the server was installed on, there is no way of locking the customer out of any part of the SQL Server installation and its databases as Mixed Authentication (which you can't turn off) will always allow members of the (Windows) admins group to also be a member of the SQL Server admins group??? |
|
|
mr_mist
Grunnio
1870 Posts |
Posted - 2005-08-26 : 10:40:22
|
| Generally if someone has domain admin you would be hard pressed to completely prevent them from accessing the SQL Server. You can deny access to various logins, and you can remove the (default) access for administrators and replace it with more specific access, but if you leave a windows account with access then any domain administrator could (in theory) reset the windows password for whatever account does have access and use that.Mixed (SQL) authentication has nothing to do with windows accounts at all. Mixed authentication (sql authentication) involves sql-level accounts and passwords which you assign and manage. Mixed authentication can be turned off, windows authentication cannot.Locking out everyone from the windows side would result in the sql service account not being able to run properly, so your server would not start.-------Moo. :) |
 |
|
|
silas2
Yak Posting Veteran
65 Posts |
Posted - 2005-08-26 : 10:58:34
|
| Would you say then, that if you were using tables at the customer's site to collect data which you might be using to bill the customer, you would need to supplement your SQL Server DB with another secure format which the customer couldn't gain entry into, e.g. MDB? |
 |
|
|
mr_mist
Grunnio
1870 Posts |
Posted - 2005-08-30 : 04:16:39
|
| You could use additional security measures, however I would not describe access database files as such.-------Moo. :) |
 |
|
|
|
|
|