It is important to remember this because if you change authentication modes at a later time, you will need to enable this account and establish a password at that point if you wish to us
Trang 1ExERciSE 4.3
Create a sQl server logiN
You need to add a new SQL Server Login and it will be mapped to a domain
account and be set up to access the AdventureWorks2008 database.
1 in the SQL Server Management Studio, locate the security folder
at the instance level.
2 Under the security folder you will see a folder named Logins
Right-click on Logins and select New Login from the menu.
3 in the “Login – New” window in the general section locate the
domain account that you need to map to the login Make sure
that Windows authentication is selected.
4 For the Default Database, select AdventureWorks2008.
5 Now switch sections and select User Mapping.
6 in the User Mapping section, locate AdventureWorks2008 in the
“Users mapped to this login” section and check the Map column
Your entries should look similar to Figure 4.7 and Figure 4.8.
7 click on OK and you have completed creating a new SQL
Server login.
Figure 4.7 General Section
Trang 2Authentication Mode
When you are installing SQL Server 2008, the selection of an authentication mode for the database engine is required The choices are either Windows authentication
or mixed mode authentication
If you select the Windows authentication mode, SQL Server authentication will
be disabled Selecting mixed mode authentication enables both Windows and SQL Server authentication You cannot disable Windows authentication
When selecting mixed mode authentication you are required to establish a strong password for the sa account If you selected Windows authentication, the sa account will be created but disabled It is important to remember this because
if you change authentication modes at a later time, you will need to enable this account and establish a password at that point if you wish to use this account Changing the authentication mode can be done at anytime but it does require that you restart SQL Server You can change the authentication mode by right clicking on the server in the SQL Server Management Studio and the change can
be made under security in the Server Authentication section See Figure 4.9
Figure 4.8 User Mapping Section
Trang 3Using Windows Authentication (integrated security) is recommended and
considered to be more secure than using SQL Server logins or mixed mode
Windows accounts are subject to the built-in security features in Windows and are
sometimes considered to be Trusted connections to SQL Server since Windows
handles the authentication
If you are using mixed mode, Any SQL Server Logins created that are not based
on Windows user accounts are required to follow strong password guidelines
Database users using SQL Server logins will need to login using a user name and
password every time they connect
Figure 4.9 SQL Server – Server Authentication Properties
TesT Day Tip
Make sure that you know what you need to do to change the
Authentication mode.
Trang 4SQL Server logins offer the following password policies:
User must change password at next login – Established in the Log-in
■
■
properties in the SQL Server Management Studio
Enforce Password Expiration – Based on the maximum password age
■
■
policy of the computer
Enforce Password Policy – SQL Server enforces Windows password
■
■
policies established on the computer This is only available in Windows 2003 Server and later
When you are establishing using SQL Serving authentication, it is important to
be aware of the disadvantages and advantages Here are some of the disadvantages:
A Windows domain user who has a Windows user id and password will
■
■
have to also enter their SQL Server user id and password The user will have to present the SQL Server credentials every time they connect, and maintaining multiple user ids and passwords can be troublesome for users SQL Server Logins cannot not take advantage of the Kerberos security
■
■
protocol that is used by Windows
SQL Server Logins cannot offer many of the additional Windows
■
■
password policies
Here are some of the advantages:
SQL Server can support older applications that require the use of SQL
■
■
Server Logins
Users in an environment of mixed operating systems where users are not
■
■
authenticated by a Windows domain can connect to SQL Server
Users can connect from unknown or untrusted domains
■
■
Users can connect when creating their own identities in Web-based applications
■
■
Software developers can distribute applications based on specific SQL
■
■
Server Logins
exam Warning
You will need to understand the advantages and disadvantages of the Authentication Modes.
Trang 5ExERciSE 4.4
ChaNge the aUtheNtiCatioN MoDe
You selected mixed mode authentication when you installed SQL Server
2008 You have done some research and have found that none of the
applications connected to SQL Server are depending on SQL Server Logins
so you want to make your environment more secure and have decided to
switch the Authentication Mode to Windows Authentication exclusively.
1 in the SQL Server Management Studio, right-click on the server
and select Properties from the menu.
2 in the Security Authentication section of the screen, select
Windows Authentication Your screen should look like Figure 4.10.
3 click on OK to save the change.
4 Restart SQL Server.
Figure 4.10 changing the Authentication Mode