August 28, 2012 at 10:18 am
Hello --
We have a Windows 7 64-bit distribution workstation running a SQLExpress 2008 database. There is one instance on the system and it comprises of six databases. I have been tasked with setting up a backup solution, but I am having permissions issues accessing the databases.
The server is set up with mixed authentication, and when I initially log into the workstation, I am doing so as a local administrator. I can activate the Studio software, and view the databases in question. However, the local administrator has public level permissions, and cannot gain any other access to the databases. The sa account appears to be disabled on the system.
What makes this situation more puzzling, is the fact that when the database server was initially installed, the following command syntax was used:
Setup.exe /q /ACTION=Install /FEATURES=SQLENGINE,SSMS,SDK /INSTANCENAME="SQLEXPRESS2008" /IAcceptSQLServerLicenseTerms="True" /SECURITYMODE="SQL" /SQLCOLLATION="SQL_Latin1_General_CP1_CS_AS" /SQLSVCACCOUNT="NT AUTHORITY\SYSTEM" /SAPWD=".<password>" /SQLSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS"
The sa account does have a password associated with it. During the initial login into the Studio, I switched from Mixed to SQL Authentication, and tried logging in as the sa account with the password. This attempt was not successful. Also, correct me if I am wrong, the local administrator account should have sysadmin access by virtue of the switch /SQLSYSADMINACCOUNTS shown in the above quote.
Is there something that I am missing or forgot to do here?
Thanks.
August 28, 2012 at 10:37 am
It's a somewhat common practice (not as common as it needs to be) to disable or reduce the permissions of builtin\admin post-installation. Is it possible someone did this? Perhaps the same person who disabled sa?
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
August 28, 2012 at 10:49 am
I have a call into the company that set up the system, so I will ask if what you suggested did occur. If that is not the case, what are my options here?
August 28, 2012 at 2:09 pm
Hello --
The company got in touch with me, and its representatives confirmed the necessary accounts were indeed locked out of the system. The end result was the company rebuilding the database server from the ground up. Thanks for the help in any event.
August 29, 2012 at 7:20 am
Yeah. It's one of those things that people read the headline, but not the details, then try to do it, and don't realize they're creating a worse problem than they're solving. Happens all the time.
- Gus "GSquared", RSVP, OODA, MAP, NMVP, FAQ, SAT, SQL, DNA, RNA, UOI, IOU, AM, PM, AD, BC, BCE, USA, UN, CF, ROFL, LOL, ETC
Property of The Thread
"Nobody knows the age of the human race, but everyone agrees it's old enough to know better." - Anon
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply