Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SQL server Windows Authentication is Broken

Status
Not open for further replies.
Indika

Indika

Programmer
Jul 31, 2000
13
US
I have a SQL server 2000 with ONLY windows authentication is enabled.

Domain Users are part of the public role and a custom database role that has permissions only for few tables.

For some reason SQL server allows ALL Domain users to have Admin RIGHTS on the server.

Anyone has any suggestions to fix this problem? Thanks
 
Sort by date Sort by votes
Are you positive they have ADMIN rights?

Do your users have DOMAIN ADMIN rights for the domain (not on SQL Server, but on the domain itself)?

What are they doing that makes you believe they have admin rights?

-SQLBill



Posting advice: FAQ481-4875
 
Upvote 0 Downvote
Domain users do not have admin rights in the domain. They are able to create users, create DTS packages, run jobs, modify tables, etc on SQL server. I tried assigning different roles like “db_datareader”, db_datawriter”, etc, but nothing seems to work.
 
Upvote 0 Downvote
It sounds like they have been given db_owner permissions. Check their login permissions and make sure db_owner is not granted.

Don't just check the permissions on the ROLE you created but also on the individual logins.

-SQLBill

Posting advice: FAQ481-4875
 
Upvote 0 Downvote
I haven’t given permissions to individual users. “Domain Users” group do not have any permissions other than they are part of the “public” and one custom database role which allows access to few tables.
 
Upvote 0 Downvote
Check the Administrators group on the local machine. By default the local admin group has sysadmin privileges to SQL Server - check that the Domain Users group has not been added to the local admin group.

--James
 
Upvote 0 Downvote
domain users" group is not added to any local groups other than local "users" group

local "users" group doesn't have permissions to sql server
 
Upvote 0 Downvote
OK, these users must be getting their permissions from somewhere!

Check the System Administrators fixed server role and look at which logins are members of this.

How are the domain users gaining access to SQL Server? Have you actually granted the Domain Users group access? If so, look at the properties and see which Server Roles it is a member of?

--James
 
Upvote 0 Downvote
Also, check that 'custom role' you created. Check what permissions have been given on the Server Role tab and the Database Role tab.

-SQLBill

Posting advice: FAQ481-4875
 
Upvote 0 Downvote
HI,
also make sure Public role is still public someone hasn't alter its permissions.

B.R,
miq
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

grnzbra
  • Locked
  • Question
SQL Server in Windows
Replies
1
Views
457
pjw001
pjw001
CodeWell
  • Locked
  • Question
SQL Server 2017 Install Issue - Database Not in Configuration Manager
Replies
0
Views
397
CodeWell
CodeWell
dgillz
  • Locked
  • Question
SQL Server timeouts after updating workstations to Windows 10
Replies
0
Views
318
dgillz
dgillz
bethabernathy
  • Locked
  • Question
Front End Access 365 Database dsn Connection Fails when attempting to link to 2016 SQL server
Replies
1
Views
320
dhookom
dhookom
Ikatiemarie
  • Locked
  • Question
SQL Server 2008 SP_Send_dbmail
Replies
0
Views
933
Ikatiemarie
Ikatiemarie

Part and Inventory Search

Sponsor

Back
Top