July 16, 2003 at 4:10 am
We are running in 'SQL Server and Windows Authentication mode'. All the database admin has been done using the sa account, i,e, creation of jobs, databases, etc.
An application running on the server requires that the servers authentication mode be changed to 'Windows Only' for the users of this application to be authenticated via NT.
How will changing the mode to 'Windows Authentication Only' affect the sa account, sa as the owner of databases and jobs, etc.
What will I need to do from my side, if anything, to keep things running smoothly once we make this change.
July 16, 2003 at 8:10 am
You really don't have to make any changes to authentication mode. SQL Server will verify the connection from application and authenticate the login with 'NT Authentication' automatically if your application has been configured to use NT authentication to connect SQL Server.
July 16, 2003 at 8:58 am
To use both sa and your NT Accounts, configure your server security to "SQL Server and Windows'. Go to EM -> Server Properties -> Security. You need to restart your SQL Server Services to take place this change
Shas3
July 16, 2003 at 12:25 pm
Changing to Windows Authentication Only mode won't affect the databases. For instance, when you set up a SQL Server out of the box with Windows Authentication, master, model, msdb, Northwind, pubs, and tempdb are all owned by sa. The db_owner is internal to SQL Server.... it's a mapping between sysxlogins and sysdatabases. So long as the SID exists in sysxlogins, you should be okay Since sa can't go away... you get the idea.
As far as jobs are concerned, they will continue to run with an owner of sa (I just checked a SQL Server that's Windows only and we do have a job running under sa). Typically, though, we run with the owner as the service account for SQL Server/SQL Server Agent (which needs sysadmin rights to SQL Server anyway).
What changing will do is prevent anyone from logging in as sa (once you restart the service after makingt he change). The sa account will still be present and if you ever switch it back, the sa account will be available again for login. By switching to Windows only authentication, you stop all SQL Server logins, but you don't get rid of them or make them invalid.
K. Brian Kelley
http://www.truthsolutions.com/
Author: Start to Finish Guide to SQL Server Performance Monitoring
http://www.netimpress.com/shop/product.asp?ProductID=NI-SQL1
K. Brian Kelley
@kbriankelley
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply