Re: User account for only SQL server

You can use Group Policy Restricted groups to add the SQL admin's domain
user account to the local Administrators group of your desktop computers. If
you haven't already, you should put all your desktop PCs into their own OU
before proceeding, then see the links below for more info on Restricted
groups.

http://support.microsoft.com/kb/279301
http://www.jsifaq.com/SF/Tips/Tip.aspx?id=3251
http://www.windowsecurity.com/articles/Using-Restricted-Groups.html

"vdz" <vdz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A9DDBE85-7971-494A-93D9-B92BE23E1AC0@xxxxxxxxxxxxxxxx
Hi Martin

Thanks for your great help.
But now he insisted to have Admininstrators Account so that he can log on to
the SQL client PCs to be able to fix and support them. That means he's still
able to access our DC.
How could I enable "Deny access to this computer from the network
properties" GPO?
I did try adding his user account that includes Administrators permission to
that GPO, but he still can logon to our DC.

Or there is a better way you could have? please help

Once again thanks a lot for your help

Cheers

"Martin X." wrote:

1. Create a LOCAL user account on the SQL server for the person.
2. Add the new account to the local Administrators group on the SQL server
only.
3. Give the new account SQL server admin permissions using the SQL server
management tools.

Because this is a local account on the SQL server only, it will not have
permission to any other computer (as long as the username and password are
not the same as another account in your domain).

"vdz" <vdz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A03BDA6F-AD74-40C1-8579-A79F3A0B1314@xxxxxxxxxxxxxxxx
Hi all

I have been searching for a solution for creating a certain user to be
able
to logon only SQL server remotely.

Here is my senario:

1 x DC wins server 2003 AD
1 x SQL server - member server wins 2003 server.

I just want to creat a user account so that he or she is only able to log
in
SQL server to maintain our database and do some other tasks on SQL server
remotely.

I am thinking that is an user local account previlleged enough for him or
her to perform his/her tasks on our SQL server?

Any help would be much appreciated.





.

Relevant Pages

  • Re: Error 15401 using sp_grantlogin (not addressed by current KB articles)
    ... Restarting Windows 2000 resolved the problem for this particular account, ... confused when it sees a duplicate SID. ... > One way to get SQL Server to agree with the renamed NT ... > Preview (to ensure the script was created), ...
    (microsoft.public.sqlserver.security)
  • Re: SharePoint V3 Install Error
    ... But it our case it had to do with Group Policies that forbid the account of ... WSS FAQ:www.wssv3faq.com/wss.collutions.com ... Event Source: WindowsSharePointServices3Search ... whatever you are installing WSS as sufficient rights to the SQL Server ...
    (microsoft.public.sharepoint.windowsservices)
  • RE: Problems with WebParts
    ... to a database called aspnetdb. ... > The connection string specifies a local SQL Server Express instance using a ... > server account must have read and write access to the applications directory. ... > This is necessary because the web server account will automatically create ...
    (microsoft.public.dotnet.framework.aspnet)
  • Trusted connection
    ... Can I log on to SQL Server 2000 being loged on to a computer (local ... user account) which is added to a domain? ... local Administrators group but the ...
    (microsoft.public.sqlserver.security)
  • Re: Cannot connect to Query Analyzer
    ... For Query Analyzer, I tried replacing the file as you suggested but had the ... same results (Enterprise Manager starts up fine, ... I created an account on my laptop and changed SQL ... Try replacing the MMC app for SQL Server from the original ...
    (microsoft.public.sqlserver.connect)