Hello,
I've Windows 2000 server with SQL 2000 server running.
I have a SQL user (let's call miniSa) which is mostly "sa" on one SQL box.
And that account is used to all over the places (VB apps,Web app, DTS
connection). Now I know that a person shouldn't be access to the SQL box bu
t
he does using the account. Only way I can track down him is from SQL profil
e
with his machine name.
Is there a way that I can block the SQL box only from a specific machine nam
e?
Thank you in advance.
SangHun"SangHunJung" <SangHunJung@.discussions.microsoft.com> wrote in message
news:F23A84F9-6350-4BE8-B002-62A9BD320BCB@.microsoft.com...
> I've Windows 2000 server with SQL 2000 server running.
> I have a SQL user (let's call miniSa) which is mostly "sa" on one SQL box.
> And that account is used to all over the places (VB apps,Web app, DTS
> connection). Now I know that a person shouldn't be access to the SQL box
but
> he does using the account. Only way I can track down him is from SQL
profile
> with his machine name.
> Is there a way that I can block the SQL box only from a specific machine
name?
It's kind of ugly, but you could do TCP/IP filtering on the server level and
block the IP address of the computer that your "SQL user" uses. A better way
would be a review of the security implementation, eliminate this commonly
used account and implement Windows Authentication with nt group membership.
Steve|||Thanks for the reply Steve.
Using TCP/IP Filtering is not an option because of DHCP server. I may use
MAC address but that way that user may not use all the apps in the server.
I
don't want that happen either. I want just SQL server databases access
denied from the PC.
I will work on the whole problem but I need some time and ofcourse runing
several projects, support developers, and admin issues......tough.
Any other suggestions?
SangHun
"Steve Thompson" wrote:
> "SangHunJung" <SangHunJung@.discussions.microsoft.com> wrote in message
> news:F23A84F9-6350-4BE8-B002-62A9BD320BCB@.microsoft.com...
> but
> profile
> name?
> It's kind of ugly, but you could do TCP/IP filtering on the server level a
nd
> block the IP address of the computer that your "SQL user" uses. A better w
ay
> would be a review of the security implementation, eliminate this commonly
> used account and implement Windows Authentication with nt group membership
.
> Steve
>
>|||
> I will work on the whole problem but I need some time and ofcourse runing
> several projects, support developers, and admin issues......tough.
> Any other suggestions?
Yes, I still recommend my previous suggestion, some times there are no
+easy+ solutions. Sorry.
Steve
[vbcol=seagreen]
commonly[vbcol=seagreen]
membership.|||You can use IPSec to block a particular machine from contacting another
machine on the network.
Thanks,
Kevin McDonnell
Microsoft Corporation
This posting is provided AS IS with no warranties, and confers no rights.
Showing posts with label minisa. Show all posts
Showing posts with label minisa. Show all posts
Sunday, March 11, 2012
Subscribe to:
Posts (Atom)