Learn more about SQL Server tools

mssqltips logo
 

Tutorials          DBA          Dev          BI          Career          Categories          Webcasts          Scripts          Today's Tip          Join

Tutorials      DBA      Dev      BI      Categories      Webcasts

DBA    Dev    BI    Categories

 

Windows Groups to Support SQL Server 2005 Application Security


By:   |   Last Updated: 2006-08-28   |   Comments   |   Related Tips: More > Security

Problem
Have you had an issue trying to find out how to assign rights for some of the new applications (SQL Server Integration Services, Full Text, OLAP, Express, Reporting Services, etc.) in SQL Server 2005?  If so, you are not alone.  With SQL Server 2005, some of the new security is assigned via Windows Groups that can be managed directly via Computer Manager.  Unfortunately, these are no where to be found or configured in SQL Server 2005 Management Studio (SSMS) in the same light as database engine permissions.

Solution
With security migrating away from direct management in SQL Server 2005 Management Studio, create a short cut on your desk to Computer Management in order to manage the new groups.  The new groups to support some of the new SQL Server 2005 applications are created as the application is installed on the SQL Server.  Below is a screen shot of Computer Management with some of the new Windows groups to support SQL Server 2005:

How can I add or remove windows accounts for these new groups?

To manage the groups, follow these steps:

  1. Open Computer Management by clicking on Start | Control Panel | Administrative Tools | Computer Management
  2. Once Computer Management loads, navigate to System Tools | Local Users and Groups | Groups
  3. Select the group you would like to add or remove a login by double clicking on the group
  4. Click the 'Add ' button and enter the login on the subsequent screen
  5. To delete a login or group, click the 'Remove' button and review the subsequent screens

How can I assign SQL Server logins?

The SQL Server 2005 Windows groups use just domain or local accounts, so SQL Server logins are not an option.

Next Steps

  • As you begin to deploy these new applications be sure to verify the Windows Group rights for these users and do not feel obligated to assign Windows Administrator rights by default.
  • Since assigning rights at the Windows Group level may not be a portion of the typical developer or DBA daily tasks, be sure to coordinate with your Network or System Administrators as needed.
  • Stay tuned for additional security options with these SQL Server 2005 applications.


Last Updated: 2006-08-28


get scripts

next tip button



About the author
MSSQLTips author Jeremy Kadlec Since 2002, Jeremy Kadlec has delivered value to the global SQL Server community as an MSSQLTips.com co-founder and Edgewood Solutions SQL Server Consultant.

View all my tips
Related Resources




Post a comment or let the author know this tip helped.

All comments are reviewed, so stay on subject or we may delete your comment. Note: your email address is not published. Required fields are marked with an asterisk (*).

*Name    *Email    Email me updates 


Signup for our newsletter
 I agree by submitting my data to receive communications, account updates and/or special offers about SQL Server from MSSQLTips and/or its Sponsors. I have read the privacy statement and understand I may unsubscribe at any time.



    



Learn more about SQL Server tools