Re: Why "sa" is displayed when logging into Emerald using valid username

Dale E. Reed Jr. ( (no email) )
Tue, 25 Aug 1998 17:20:41 -0700

Josh Hillman wrote:
> Why is "sa" displayed when logging into SQL (Emerald / ISQL, etc.) using a
> valid username other than "sa"?

Because you have incorrectly setup mixed/trusted security.

> I've seen this question asked several times on this list and after wondering
> about it for quite a while, finally came across info on it...
> It happens when the following criteria are met:
> 1. SQL Server is set up for "Integrated Security" or "Mixed Security".
> 2. The user is logged into an NT-managed domain.
> 3. The user is an NT administrator on the NT domain.
> Do any of the following require SQL Server's "Integrated Security" to
> function correctly/optimally together?:
> Emerald 2.1.11 (or later)
> RadiusNT 2.5.124 (or later)
> ServU FTP 2.3c (or later) using emer_su.dll
> OR, is there a way of preventing SQL Server from associating "sa" with an
> NT-administrative account (aside from removing that account from the NT
> Administrators group) while using Integrated/Mixed security?

Yes. This is covered in the SQL Server Adminstrator's Companion.
Create two groups on your domain, SQLUsers and SQLAdmins. Put
Everyone in SQLUsers except the domain admin. Put the Domain Admin
in the SQLAdmins group and no one else. Don't login as the domain
admin normally, also. :)

Finally, go into the SQL Security manager, add the SQLAdmins as an
sa group, revoke the domain admnstrators as an sa group, and add the
SQLUsers as a normal user group.

If anyone remembers a long time ago, the instructions to do this
where in the original "how to Setup RadiusNT 1.16 with SQL Server"
notes. <GRIN>

-- Dale E. Reed Jr.  (       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs Internet Solutions for Today  |