Looking for a temporary fix for the environment while we overhaul security.
Presently we have some machines that use Mixed mode authentication; local accounts were created for reporting & application purposes. Over time some users managed to get a hold of the passwords of said accounts, and now log into the server to do their work with the SQL Server account instead of their NT account, sometimes allowing them permissions they shouldn't have.
So, I figured the easiest way to solve this short term (it will take awhile to update some of our older applications/reports to use a different password) would be to restrict what machines/hostnames or applications the SQL Server logins can connect from. If I can set them to just allow connections from our webservers, that would theoretically prevent the users from logging in from their laptops/desktops using the accounts.
Anybody know if that's possible? If so, how?
Thanks in advance.
EDIT: SQL Server 2000 and 2005 machines. All our 2008 machines have been managed much better
Presently we have some machines that use Mixed mode authentication; local accounts were created for reporting & application purposes. Over time some users managed to get a hold of the passwords of said accounts, and now log into the server to do their work with the SQL Server account instead of their NT account, sometimes allowing them permissions they shouldn't have.
So, I figured the easiest way to solve this short term (it will take awhile to update some of our older applications/reports to use a different password) would be to restrict what machines/hostnames or applications the SQL Server logins can connect from. If I can set them to just allow connections from our webservers, that would theoretically prevent the users from logging in from their laptops/desktops using the accounts.
Anybody know if that's possible? If so, how?
Thanks in advance.
EDIT: SQL Server 2000 and 2005 machines. All our 2008 machines have been managed much better
Facebook
Twitter