As all of you know it is possible to query active directory from SQL Server with using ADSI provider as linked server. This solution works fine until you will have a lot of users in active directory. According to best practice guide windows system engineers always configured AD to return no more then...

In this demo i will try to explain why SET TRUSTWORTHY ON on some databases may make the sysadmin job unsafe. In previous posts i explained how db owner (or any developer) can try to implemet simplest luring attack against server sysadmin. According to BOL to avoid this problem sysadmin should switch...

Let assume you are using Windows Authentication with SQL Server 2005, you've added a new server account for domain group and would like to give it a default schema. The properties window is the same for users and groups but the default schema field is enabled only for user entities. As a result you cannot...

Last month I’m working with a client to create something like non-standard security model. He asked for the following features: - server–level management only for sa (server admin). - database–level management for dbo (one or more dbo per database). Dbo is responsible for database's user management...

Few days ago I worked for one client. He uses the following business model: - dbo usually responsible for high level database design and maintenance; - all database users organized in additional security groups for security purposes; - dedicated person is responsible for user’s security maintenance...