|
|
Posted by Hugo Kornelis on 10/02/23 11:50
On 14 Jun 2006 22:04:33 -0700, Eng.Rana@gmail.com wrote:
>> Unless you can set up some trust between them you need to use SQL
>> authentication.
>
>how can i only enforce sql authenticaion, although the only two options
>available are Windows authentication only or mixed mode.
>
>this means that there always has to be trust between domains or that
>they be on the same domain.
>
>else how can enforce SQL authentication only!!!!!
Hi Eng.Rana,
Though you can't disable the mechanism for Windows authentication, you
can render it unfunctional by granting nobody the right to login with
Windows authentication.
Windows authentication doesn't mean that every domain user suuddenly has
the right to connect to SQL Server - you have to explicitly allow this
to individual Windows accounts or groups. In SQL Server 2000, you used
the sp_grantdbaccess stored pprocedure (or some graphical tool) for
this; in SQL Server 2005, this stored procedure is replaced by the
CREATE LOGIN xxx FROM WINDOWS command..
Note that by default, all windows accounts that are in the
builtin/administrators group have access to the DB using Windows
authentication. If you realy want to force everyone to use SQL
authentication, you'll have to remove these logins (using
sp_revokedbaccess or DROP LOGIN). I have never tried if this works,
because I'm scared that I'll forget my sa password and never be able to
regain access to the DB. <g>
--
Hugo Kornelis, SQL Server MVP
Navigation:
[Reply to this message]
|