Hello,
I've Windows 2000 server with SQL 2000 server running.
I have a SQL user (let's call miniSa) which is mostly "sa" on one SQL box.
And that account is used to all over the places (VB apps,Web app, DTS
connection). Now I know that a person shouldn't be access to the SQL box bu
t
he does using the account. Only way I can track down him is from SQL profil
e
with his machine name.
Is there a way that I can block the SQL box only from a specific machine nam
e?
Thank you in advance.
SangHun"SangHunJung" <SangHunJung@.discussions.microsoft.com> wrote in message
news:F23A84F9-6350-4BE8-B002-62A9BD320BCB@.microsoft.com...
> I've Windows 2000 server with SQL 2000 server running.
> I have a SQL user (let's call miniSa) which is mostly "sa" on one SQL box.
> And that account is used to all over the places (VB apps,Web app, DTS
> connection). Now I know that a person shouldn't be access to the SQL box
but
> he does using the account. Only way I can track down him is from SQL
profile
> with his machine name.
> Is there a way that I can block the SQL box only from a specific machine
name?
It's kind of ugly, but you could do TCP/IP filtering on the server level and
block the IP address of the computer that your "SQL user" uses. A better way
would be a review of the security implementation, eliminate this commonly
used account and implement Windows Authentication with nt group membership.
Steve|||Thanks for the reply Steve.
Using TCP/IP Filtering is not an option because of DHCP server. I may use
MAC address but that way that user may not use all the apps in the server.
I
don't want that happen either. I want just SQL server databases access
denied from the PC.
I will work on the whole problem but I need some time and ofcourse runing
several projects, support developers, and admin issues......tough.
Any other suggestions?
SangHun
"Steve Thompson" wrote:
> "SangHunJung" <SangHunJung@.discussions.microsoft.com> wrote in message
> news:F23A84F9-6350-4BE8-B002-62A9BD320BCB@.microsoft.com...
> but
> profile
> name?
> It's kind of ugly, but you could do TCP/IP filtering on the server level a
nd
> block the IP address of the computer that your "SQL user" uses. A better w
ay
> would be a review of the security implementation, eliminate this commonly
> used account and implement Windows Authentication with nt group membership
.
> Steve
>
>|||
> I will work on the whole problem but I need some time and ofcourse runing
> several projects, support developers, and admin issues......tough.
> Any other suggestions?
Yes, I still recommend my previous suggestion, some times there are no
+easy+ solutions. Sorry.
Steve
[vbcol=seagreen]
commonly[vbcol=seagreen]
membership.|||You can use IPSec to block a particular machine from contacting another
machine on the network.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment