I think you're right on the money Troy, and I'll try what you're suggesting and spend some time because that sounds like a very good idea. I'd like to try and simplify the steps you outline down to what I've mentioned below... if that sounds plausible to you guys (I'm asking, because I think the order is what's been messing me up).
1. Connect to Server B (sql server) using sysadmin (sa user) from Server B. 2. Create new database on Server B using user sysadmin from above. 3. Grant login rights and dbo role on new databases to the original set of credentials from machine A (the user running the install). Troy Howard wrote: > > Seems like the workflow is: > > 1. Connect to Server B (sql server) using an existing sql login (not > windows), that has less than admin level rights (configured where? created > when?). > 2. Somehow obtain different credentials from Server B that have > administrative rights on Server B. > 3. Connect with new credentials to Server B > 4. Create/Attach new database to Server B. > 5. Grant login rights and dbo role on new databases to the original set of > credentials. > > The work flow is flawed though.. It's flawed, because the only way that it > could work would be if the initial lower access account was powerful > enough > to gain admin access through the second account.... Then what is the point > of a second secure admin account in the first place? It's a major security > hole to attempt a solution that would work that way. > > > What you should do instead is... > > 1. Ask user to provide admin credentials and server name/instance for > "Server B" during install (or in a less user friendly context, ask for a > whole connection string). > 2. Ask user to provide account information for a new login account to be > used by "Machine A". (username, password for sql login, or just > domain\account for windows auth) > 3. Connect to Server B with provided existing admin account. > 4. Create/Attach database. > 5. Create new account for Machine A. > 6. Grant login rights and dbo role on new database to the new account. > > Does that make sense, or did I miss the point somewhere? > > Hope that helps, > Troy > > > > > On Tue, Sep 9, 2008 at 2:38 PM, David Reed (SQL) > <[EMAIL PROTECTED]>wrote: > >> If the identity running the installation doesn't have sysadmin >> privileges, >> you're not going to be able to grant anything to yourself... Maybe I'm >> not >> understanding the workflow that you're trying to achieve. We can take it >> offline if you like. >> >> >> >> >> -----Original Message----- >> From: [EMAIL PROTECTED] [mailto: >> [EMAIL PROTECTED] On Behalf Of cemiles >> Sent: Tuesday, September 09, 2008 13:32 >> To: wix-users@lists.sourceforge.net >> Subject: [WiX-users] Re mote SQL Authentication >> >> >> If anyone has come across this let me know. I can post my code if so, >> hopefully for a little advice because I'm between a rock and a >> hard-place. >> >> I need to run my install on a machine (Server A), and need to use sql >> authentication to grab a user w/ sysadmin rights on the remote machine >> (Server B), then use that to create the DB on Server B. Then on Server B >> I'm trying to grantlogin to the user I'm running the install under on >> Server >> A and change the dbo after that. >> >> I'm pretty much stuck and have tried so many scenarios and after a bunch >> of >> reading still no solution. I think the problem resides in my sqlstring >> element. >> >> Any helpers out there? >> -- >> View this message in context: >> http://n2.nabble.com/Remote-SQL-Authentication-tp1078503p1078503.html >> Sent from the wix-users mailing list archive at Nabble.com. >> >> >> ------------------------------------------------------------------------- >> This SF.Net email is sponsored by the Moblin Your Move Developer's >> challenge >> Build the coolest Linux based applications with Moblin SDK & win great >> prizes >> Grand prize is a trip for two to an Open Source event anywhere in the >> world >> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >> _______________________________________________ >> WiX-users mailing list >> WiX-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/wix-users >> >> >> ------------------------------------------------------------------------- >> This SF.Net email is sponsored by the Moblin Your Move Developer's >> challenge >> Build the coolest Linux based applications with Moblin SDK & win great >> prizes >> Grand prize is a trip for two to an Open Source event anywhere in the >> world >> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >> _______________________________________________ >> WiX-users mailing list >> WiX-users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/wix-users >> > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's > challenge > Build the coolest Linux based applications with Moblin SDK & win great > prizes > Grand prize is a trip for two to an Open Source event anywhere in the > world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > WiX-users mailing list > WiX-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/wix-users > > -- View this message in context: http://n2.nabble.com/Remote-SQL-Authentication-tp1078503p1078789.html Sent from the wix-users mailing list archive at Nabble.com. ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ WiX-users mailing list WiX-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wix-users
