Tuesday, February 14, 2012

Deny remote access to MSDE for some users

HI!
I'm a complete MSDE newbie but I have to clarify an open question about
access control with MSDE 2000 running on WinNT 4.0:
Is it possible to grant some admin users remote access to the MSDE but
restrict other local users to local access?
Ciao, Michael.
hi Michael,
Michael Strder wrote:
> HI!
> I'm a complete MSDE newbie but I have to clarify an open question
> about access control with MSDE 2000 running on WinNT 4.0:
> Is it possible to grant some admin users remote access to the MSDE but
> restrict other local users to local access?
yes, of course..
you have to grant the remote logins access to the MSDE instance via the
sp_grantlogin system stored procedure
(http://msdn.microsoft.com/library/de...-us/tsqlref/ts
_sp_ga-gz_8dri.asp), while you have to deny local logins via sp_denylogin...
please have a look at
http://support.microsoft.com/default...;EN-US;q325003 for futher
info about how to perform these tasks via oSql.exe, the command line tool
provided with MSDE
Andrea Montanari (Microsoft MVP - SQL Server)
http://www.asql.biz/DbaMgr.shtmhttp://italy.mvps.org
DbaMgr2k ver 0.11.1 - DbaMgr ver 0.57.0
(my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
interface)
-- remove DMO to reply
|||Andrea,
first many thanks for the pointers.
Andrea Montanari wrote:
> hi Michael,
> Michael Strder wrote:
> you have to grant the remote logins access to the MSDE instance via the
> sp_grantlogin system stored procedure
> (http://msdn.microsoft.com/library/de...-us/tsqlref/ts
> _sp_ga-gz_8dri.asp), while you have to deny local logins via sp_denylogin...
Let's assume I use Windows authentication for MSDE. Is the whole access
control also done via Windows rights based on groups? How to disallow a
remote login for local users then?
Ciao, Michael.
|||ciao Michael,
> ..
> Let's assume I use Windows authentication for MSDE. Is the whole
> access control also done via Windows rights based on groups? How to
> disallow a remote login for local users then?
let's say you have YourDomain\theUser member of TheGroup\
you want TheGroup\ to be able to connect to MSDE, so you grant
(sp_grantlogin) it connection...
but you want YourDomain\theUser not to be able to connect to MSDE .. you
deny YourDomain\theUser connection to MSDE via sp_denylogin...
this way you have YourDomain\TheGroup able to connect and YourDomain\theUser
unable...
Andrea Montanari (Microsoft MVP - SQL Server)
http://www.asql.biz/DbaMgr.shtmhttp://italy.mvps.org
DbaMgr2k ver 0.11.1 - DbaMgr ver 0.57.0
(my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual
interface)
-- remove DMO to reply

No comments:

Post a Comment