SQL Server downgrading SQL Server 2000 run the setting method with the GUESTS permission, sqlguests
Due to vulnerabilities in the SQL2000 database, hackers can easily obtain system administrator privileges.
By default, SQL runs with the SYSTEM permission, which is extremely powerful.
To make the server more secure, we recommend that you set SQL2000 to run with the GUESTS permission so that hackers cannot obtain the system administrator permission even if they intrude into the database to prevent further damage.
The specific settings are as follows:
1. Create an account (sqlservice) that belongs to the GUESTS group. Cancel other permissions and only allow the GUESTS group, for example:
2. Go to the SQL SERVER security directory and set the "sqlservice" account to have full control permissions.
My local SQL is installed in: D: \ Program Files \ Microsoft SQL Server \. Therefore, the permission directory must be set to: D: \ Program Files \ Microsoft SQL Server \ MSSQL \
3. Set the "sqlservice" read permission for the root directory of the SQL installation disc. I am a local D disk.
4. Open SQL Enterprise Manager, right-click (local) (windows NT), and select "properties"
5. In the displayed window, select "security", select "Start Service Account"-"This account", enter the newly created sqlservice and password, and click "OK" to save the configuration.
At this time, the system will prompt you whether you need to restart the SQL, and select "OK" to restart.
As shown in, the user name is "sqlservice", indicating that it has been set.
How to assign permissions to roles created in SQL Server?
A role is a powerful tool that allows you to centralize users into a unit and then apply permissions to the Unit. Permissions granted, denied, or abolished to a role also apply to any member of the role. You can create a role to represent the work performed by a group of employees in the Organization, and then assign appropriate permissions to this role. When a staff member starts to work, they only need to be added as members of the role. When they leave work, they will be deleted from the role. You do not have to repeatedly Grant, deny, or revoke permissions when everyone accepts or leaves work. Permissions automatically take effect when a user becomes a role member.
Microsoft®Windows NT®And Windows®The usage of Group 2000 is similar to that of the role. For more information, see group.
If a series of roles are defined based on work functions and each role is assigned permissions suitable for the job, it is easy to manage these permissions in the database. Then, you do not need to manage the permissions of each user, but only need to move the user between roles. If the job function changes, you only need to change the role's permissions once and make the changes automatically applied to all members of the role, making the operation easier.
In Microsoft®SQL Server™In versions 2000 and 7.0, users can belong to multiple roles.
The following script describes how to add logon, user, and role, and grant permissions to the role.
USE master
GO
Sp_grantlogin 'netdomain \ john'
GO
Sp_defaultdb 'netdomain \ john', 'Course'
GO
Sp_grantlogin 'netdomain \ sara'
GO
Sp_defaultdb 'netdomain \ sara', 'Course'
GO
Sp_grantlogin 'netdomain \ Betty'
GO
Sp_defaultdb 'netdomain \ Betty ', 'Course'
GO
Sp_grantlogin 'netdomain \ ralph'
GO
Sp_defaultdb 'netdomain \ ralph', 'Course'
GO
Sp_grantlogin 'netdomain \ Diane'
GO
Sp_defaultdb 'netdomain \ Diane ', 'Course'
GO
USE courses
GO
Sp_grantdbaccess 'netdomain \ john'
GO
Sp_grantdbaccess 'netdomain \ sara'
GO
Sp_grantdbaccess 'netdomain \ Betty'
GO
Sp_grantdbaccess 'netdomain \ ralph'
GO
Sp_grantdbaccess 'netdomain \ Diane'
GO
Sp_addrole 'Role sol'
GO
Sp_addrole 'student'
GO
Sp _... the remaining full text>
How to set the users and permissions of SQL server 2008 Databases
I do not have sql2008 locally, but only sql2005. Because sql2000 and sql2005 are similar, haha, it is estimated that 08 and 05 are similar, you should try the following sql2005 method: database -- "security --" right-click the login name -- new, then you can create a login name and Set permissions. Haha, try it!