Under which circumstances can a *local* user account access a remote SQL Server with a trusted connection?
Posted
by
Heinzi
on Server Fault
See other posts from Server Fault
or by Heinzi
Published on 2012-10-03T07:30:26Z
Indexed on
2012/10/03
9:39 UTC
Read the original article
Hit count: 398
One of our customers has the following configuration:
- On the domain controller, there's an SQL Server.
- On his PC (WinXP), he logs on with
LocalPC\LocalUser
. - In Windows Explorer, he opens
DomainController\SomeShare
and authenticates asDomain\Administrator
. - He starts our application, which opens a trusted connection (Windows authentication) to the SQL Server. It works. In SSMS, the connection shows up with the user
Domain\Administrator
.
Firstly, I was surprised that this even works. (My first suspicion was that there is a user with the same name and password in the domain, but there is no user LocalUser
in the domain.)
Then we tried to reproduce the same behaviour on his new PC, but failed:
- On his new PC (Win7), he logs on with
OtherLocalPC\OtherLocalUser
. - In Windows Explorer, he opens
DomainController\SomeShare
and authenticates asDomain\Administrator
. - He starts our application, which opens a trusted connection (Windows authentication) to the SQL Server. It fails with the error message
Login failed for user ''. The user is not associated with a trusted SQL Server connection.
Hence my question: Under which conditions can a non-domain user access a remote SQL Server using Windows Authentication with different credentials? Apparently, it's possible (it works on his old PC), but why? And how can I reproduce it?
© Server Fault or respective owner