On server BOB, the SQL Services are running under an ID that by default was
added to the SQL server groups
SQLServer2005MSFTEUser$-ServerName-$MSSQLSERVER etc. However, the ID is also
under the administrators group and I would like to remove it from there. I

Idealy I want to grant helpdesk group "reset password" for sql logins
permission only. Is this possible? Do I have to add them to securityadmin
which can grant, deny etc?
Thanks,

On my box I have Sql Server 2005 installed in mixed-mode.
I created a db and by default ( I assume ) it's owner is set to my logged-on
(local) Windows user.
I backup the db and successfully restore it onto another box with another

In SQL Server 2005, when you create a user group that is linked to a domain
group, and you then rename the domain account on the domain controller, SQL
Server does not rename the local SQL user group.    Is there a
straightforward way to rename the SQL Server user group?

I am trying to confirm best practice security configuration and was under the
impression that when using SQL Server standard login i could see the user id
and password.  I used NetMon v3.1 and this did not appear to be the case.  I
see the queries to sysdatabases, but the IP ...

db2040 @  2005 SP2 CTP (December) - Fix List   9.00.3033
I am an administrator on the box.  I ran the installation  packages as
follows:
SQLServer2005-KB934458-x86-ENU.exe      2005 SP2+Q934458    9.00.3054    

I am trying to collect and educate myself on the specific security risks
involved with some one having access to data dictionaries and metadata in SQL
server. Does anyone have any documentation on this? Thank you in advance

How would I deny a user the delete permission on an entire DB? I do not want
them to be able to even delete a row from any table.

ALL,
We are currently undergoing a SQL injection attack.  While I have denied
all access to system tables in the databases for the account in
question, I was wondering if there is any risk in denying execute rights

I have an Access 2003 FE connected to SQL Server 2005 backend. I want to
identify each row of tables against each users, so I add a column 'Owner'
and have a default value to (suser_sname()).
I add a test record and found that (suser_sname()) return Domain\username.

Does a  SQL Server 2000 Account credebtials get passed from a aspx file to
the SQL Server in clear text?
My understanding is that the default port for SQL Server is 1433 and if a
sniffer were put in front of the SQL Server what form would the username and

I have asked this before; however, I never got a response. Before I start
using crypto (e.g. blowfish) to encrypt my connection strings in web.config
I would like to know that it is necessary. I feel that it should not be
necessary.

we have setup up reporting server and while configuring database
Database setup > domain account is provided
It fails here @ grant rights. with following error
------------------------------------------------------------------------------------------------

Our Active Directory team renamed a group name from DOMAIN\GROUP1 to
DOMAIN\GROUP2. Although everything is Ok on Windows side (All references to
DOMAIN\GROUP1 is changed to DOMAIN\GROUP2 for example in local admin), SQL
Server still shows DOMAIN\GROUP1 in its login list and ...

I found some of the users who has db_owner right, I'm afraid that more
people have it. Is there a way to find them using a script?
Thanks a lot,
Sarah