 Different security behaviour when logging in local


mhoglund
Starting Member

3 Posts

Posted - 2011-05-16 : 05:42:51
Hi everyone,

I've got a strange security behaviour on a server running SQL 2005 SP4 on Win 2008R2. When connecting to the server through Windows authentication in SSMS I seem to get different security contexts.

Background:
I belong to two AD security groups, let's call them DBA and DBDEV. Since this is a production box the DBDEV group has very limited privileges. The DBA group belongs to the local admin group on the server. When I connect remotely to the SQL Server in SSMS everything is OK and I can admin the server as usual. When I log on to the server using RDP I get admin rights in Windows.

Problem:
When I connect locally to the SQL Server in SSMS (using RDP) I get the limited privileges from DBDEV. If I use sa (local or remote) and run xp_logininfo to check permission paths it shows me both groups.

How could a user logged in through Windows authentication have different privileges depending on which computer he/she connects from?

Martin
SQL Server DBA and developer since 2000




nigelrivett
Master Smack Fu Yak Hacker

3385 Posts

Posted - 2011-05-16 : 06:45:58
Have you checked the logins that are being used?

==========================================
Cursors are useful if you don't know sql.
SSIS can be used in a similar way.
Beer is not cold and it isn't fizzy.

mhoglund
Starting Member

3 Posts

Posted - 2011-05-16 : 07:14:14
nigelrivett: not sure what you mean by "checked", but both sessions use the same sid so it ought to be the same login.

Martin

mhoglund
Starting Member

3 Posts

Posted - 2011-05-17 : 05:00:14
Still got the problem, but one step further. When I use SSMS on the server (through RDP) and connect to other SQL servers everything is OK and I have the correct security context. That ensures, at least to me, that it's the very same AD login used as when I connect remotely.

So, it seems to be something weird in the config of SQL Server, but I can't figure out what...