Under which circumstances can a *local* user account access a remote SQL Server with a trusted connection?

Posted by Heinzi on Server Fault See other posts from Server Fault or by Heinzi
Published on 2012-10-03T07:30:26Z Indexed on 2012/10/03 9:39 UTC
Read the original article Hit count: 398

One of our customers has the following configuration:

  • On the domain controller, there's an SQL Server.
  • On his PC (WinXP), he logs on with LocalPC\LocalUser.
  • In Windows Explorer, he opens DomainController\SomeShare and authenticates as Domain\Administrator.
  • He starts our application, which opens a trusted connection (Windows authentication) to the SQL Server. It works. In SSMS, the connection shows up with the user Domain\Administrator.

Firstly, I was surprised that this even works. (My first suspicion was that there is a user with the same name and password in the domain, but there is no user LocalUser in the domain.)

Then we tried to reproduce the same behaviour on his new PC, but failed:

  • On his new PC (Win7), he logs on with OtherLocalPC\OtherLocalUser.
  • In Windows Explorer, he opens DomainController\SomeShare and authenticates as Domain\Administrator.
  • He starts our application, which opens a trusted connection (Windows authentication) to the SQL Server. It fails with the error message Login failed for user ''. The user is not associated with a trusted SQL Server connection.

Hence my question: Under which conditions can a non-domain user access a remote SQL Server using Windows Authentication with different credentials? Apparently, it's possible (it works on his old PC), but why? And how can I reproduce it?

© Server Fault or respective owner

Related posts about sql-server

Related posts about domain