[WiX-users] Re mote SQL Authentication
If anyone has come across this let me know. I can post my code if so, hopefully for a little advice because I'm between a rock and a hard-place. I need to run my install on a machine (Server A), and need to use sql authentication to grab a user w/ sysadmin rights on the remote machine (Server B), then use that to create the DB on Server B. Then on Server B I'm trying to grantlogin to the user I'm running the install under on Server A and change the dbo after that. I'm pretty much stuck and have tried so many scenarios and after a bunch of reading still no solution. I think the problem resides in my sqlstring element. Any helpers out there? -- View this message in context: http://n2.nabble.com/Remote-SQL-Authentication-tp1078503p1078503.html Sent from the wix-users mailing list archive at Nabble.com. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Re mote SQL Authentication
If the identity running the installation doesn't have sysadmin privileges, you're not going to be able to grant anything to yourself... Maybe I'm not understanding the workflow that you're trying to achieve. We can take it offline if you like. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of cemiles Sent: Tuesday, September 09, 2008 13:32 To: wix-users@lists.sourceforge.net Subject: [WiX-users] Re mote SQL Authentication If anyone has come across this let me know. I can post my code if so, hopefully for a little advice because I'm between a rock and a hard-place. I need to run my install on a machine (Server A), and need to use sql authentication to grab a user w/ sysadmin rights on the remote machine (Server B), then use that to create the DB on Server B. Then on Server B I'm trying to grantlogin to the user I'm running the install under on Server A and change the dbo after that. I'm pretty much stuck and have tried so many scenarios and after a bunch of reading still no solution. I think the problem resides in my sqlstring element. Any helpers out there? -- View this message in context: http://n2.nabble.com/Remote-SQL-Authentication-tp1078503p1078503.html Sent from the wix-users mailing list archive at Nabble.com. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Re mote SQL Authentication
Seems like the workflow is: 1. Connect to Server B (sql server) using an existing sql login (not windows), that has less than admin level rights (configured where? created when?). 2. Somehow obtain different credentials from Server B that have administrative rights on Server B. 3. Connect with new credentials to Server B 4. Create/Attach new database to Server B. 5. Grant login rights and dbo role on new databases to the original set of credentials. The work flow is flawed though.. It's flawed, because the only way that it could work would be if the initial lower access account was powerful enough to gain admin access through the second account Then what is the point of a second secure admin account in the first place? It's a major security hole to attempt a solution that would work that way. What you should do instead is... 1. Ask user to provide admin credentials and server name/instance for Server B during install (or in a less user friendly context, ask for a whole connection string). 2. Ask user to provide account information for a new login account to be used by Machine A. (username, password for sql login, or just domain\account for windows auth) 3. Connect to Server B with provided existing admin account. 4. Create/Attach database. 5. Create new account for Machine A. 6. Grant login rights and dbo role on new database to the new account. Does that make sense, or did I miss the point somewhere? Hope that helps, Troy On Tue, Sep 9, 2008 at 2:38 PM, David Reed (SQL) [EMAIL PROTECTED]wrote: If the identity running the installation doesn't have sysadmin privileges, you're not going to be able to grant anything to yourself... Maybe I'm not understanding the workflow that you're trying to achieve. We can take it offline if you like. -Original Message- From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] On Behalf Of cemiles Sent: Tuesday, September 09, 2008 13:32 To: wix-users@lists.sourceforge.net Subject: [WiX-users] Re mote SQL Authentication If anyone has come across this let me know. I can post my code if so, hopefully for a little advice because I'm between a rock and a hard-place. I need to run my install on a machine (Server A), and need to use sql authentication to grab a user w/ sysadmin rights on the remote machine (Server B), then use that to create the DB on Server B. Then on Server B I'm trying to grantlogin to the user I'm running the install under on Server A and change the dbo after that. I'm pretty much stuck and have tried so many scenarios and after a bunch of reading still no solution. I think the problem resides in my sqlstring element. Any helpers out there? -- View this message in context: http://n2.nabble.com/Remote-SQL-Authentication-tp1078503p1078503.html Sent from the wix-users mailing list archive at Nabble.com. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
Re: [WiX-users] Re mote SQL Authentication
I think you're right on the money Troy, and I'll try what you're suggesting and spend some time because that sounds like a very good idea. I'd like to try and simplify the steps you outline down to what I've mentioned below... if that sounds plausible to you guys (I'm asking, because I think the order is what's been messing me up). 1. Connect to Server B (sql server) using sysadmin (sa user) from Server B. 2. Create new database on Server B using user sysadmin from above. 3. Grant login rights and dbo role on new databases to the original set of credentials from machine A (the user running the install). Troy Howard wrote: Seems like the workflow is: 1. Connect to Server B (sql server) using an existing sql login (not windows), that has less than admin level rights (configured where? created when?). 2. Somehow obtain different credentials from Server B that have administrative rights on Server B. 3. Connect with new credentials to Server B 4. Create/Attach new database to Server B. 5. Grant login rights and dbo role on new databases to the original set of credentials. The work flow is flawed though.. It's flawed, because the only way that it could work would be if the initial lower access account was powerful enough to gain admin access through the second account Then what is the point of a second secure admin account in the first place? It's a major security hole to attempt a solution that would work that way. What you should do instead is... 1. Ask user to provide admin credentials and server name/instance for Server B during install (or in a less user friendly context, ask for a whole connection string). 2. Ask user to provide account information for a new login account to be used by Machine A. (username, password for sql login, or just domain\account for windows auth) 3. Connect to Server B with provided existing admin account. 4. Create/Attach database. 5. Create new account for Machine A. 6. Grant login rights and dbo role on new database to the new account. Does that make sense, or did I miss the point somewhere? Hope that helps, Troy On Tue, Sep 9, 2008 at 2:38 PM, David Reed (SQL) [EMAIL PROTECTED]wrote: If the identity running the installation doesn't have sysadmin privileges, you're not going to be able to grant anything to yourself... Maybe I'm not understanding the workflow that you're trying to achieve. We can take it offline if you like. -Original Message- From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] On Behalf Of cemiles Sent: Tuesday, September 09, 2008 13:32 To: wix-users@lists.sourceforge.net Subject: [WiX-users] Re mote SQL Authentication If anyone has come across this let me know. I can post my code if so, hopefully for a little advice because I'm between a rock and a hard-place. I need to run my install on a machine (Server A), and need to use sql authentication to grab a user w/ sysadmin rights on the remote machine (Server B), then use that to create the DB on Server B. Then on Server B I'm trying to grantlogin to the user I'm running the install under on Server A and change the dbo after that. I'm pretty much stuck and have tried so many scenarios and after a bunch of reading still no solution. I think the problem resides in my sqlstring element. Any helpers out there? -- View this message in context: http://n2.nabble.com/Remote-SQL-Authentication-tp1078503p1078503.html Sent from the wix-users mailing list archive at Nabble.com. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url
Re: [WiX-users] Re mote SQL Authentication
Yes, if your end goal is just to install the database and give the user that's running the installation ownership to it and login rights, then those three steps would do it (though you're missing the user enters sa account credentials, and server/instance name in custom installer dialog... You of course, don't want to hardcode them into the installer. ;) If you make them properties they can be set from the command line for automated installs. Thanks, Troy On Tue, Sep 9, 2008 at 3:59 PM, cemiles [EMAIL PROTECTED] wrote: I think you're right on the money Troy, and I'll try what you're suggesting and spend some time because that sounds like a very good idea. I'd like to try and simplify the steps you outline down to what I've mentioned below... if that sounds plausible to you guys (I'm asking, because I think the order is what's been messing me up). 1. Connect to Server B (sql server) using sysadmin (sa user) from Server B. 2. Create new database on Server B using user sysadmin from above. 3. Grant login rights and dbo role on new databases to the original set of credentials from machine A (the user running the install). Troy Howard wrote: Seems like the workflow is: 1. Connect to Server B (sql server) using an existing sql login (not windows), that has less than admin level rights (configured where? created when?). 2. Somehow obtain different credentials from Server B that have administrative rights on Server B. 3. Connect with new credentials to Server B 4. Create/Attach new database to Server B. 5. Grant login rights and dbo role on new databases to the original set of credentials. The work flow is flawed though.. It's flawed, because the only way that it could work would be if the initial lower access account was powerful enough to gain admin access through the second account Then what is the point of a second secure admin account in the first place? It's a major security hole to attempt a solution that would work that way. What you should do instead is... 1. Ask user to provide admin credentials and server name/instance for Server B during install (or in a less user friendly context, ask for a whole connection string). 2. Ask user to provide account information for a new login account to be used by Machine A. (username, password for sql login, or just domain\account for windows auth) 3. Connect to Server B with provided existing admin account. 4. Create/Attach database. 5. Create new account for Machine A. 6. Grant login rights and dbo role on new database to the new account. Does that make sense, or did I miss the point somewhere? Hope that helps, Troy On Tue, Sep 9, 2008 at 2:38 PM, David Reed (SQL) [EMAIL PROTECTED]wrote: If the identity running the installation doesn't have sysadmin privileges, you're not going to be able to grant anything to yourself... Maybe I'm not understanding the workflow that you're trying to achieve. We can take it offline if you like. -Original Message- From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED] On Behalf Of cemiles Sent: Tuesday, September 09, 2008 13:32 To: wix-users@lists.sourceforge.net Subject: [WiX-users] Re mote SQL Authentication If anyone has come across this let me know. I can post my code if so, hopefully for a little advice because I'm between a rock and a hard-place. I need to run my install on a machine (Server A), and need to use sql authentication to grab a user w/ sysadmin rights on the remote machine (Server B), then use that to create the DB on Server B. Then on Server B I'm trying to grantlogin to the user I'm running the install under on Server A and change the dbo after that. I'm pretty much stuck and have tried so many scenarios and after a bunch of reading still no solution. I think the problem resides in my sqlstring element. Any helpers out there? -- View this message in context: http://n2.nabble.com/Remote-SQL-Authentication-tp1078503p1078503.html Sent from the wix-users mailing list archive at Nabble.com. - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source