[AccessD] Slightly OT - network shares question

Stuart McLachlan stuart at lexacorp.com.pg
Sat Jul 4 17:47:21 CDT 2009


It all depends on the "trust relationships".
You have no rights to access or use a domain other than the one you authenticate 
through unless the other domain has been set up to "trust" your domain.

Example 1: SQL Server access rights can either be controlled by Active Directory or by SQL 
Server Login authentication.

Using AD, with your domain credentials you gain access rights to SQL Server based on what the 
SQL administrator assigns, and rights to other domain resources that you have been 
granted access to by the Domain Administrator.

Using SQL Server login, you have whatever rights the SQL administrator assigns to you 
within SQL Server. The SQL Server administrator can't give you rights to any other 
domain resources - certainly not the right to read a directory on a computer you don't have 
the domain rights to access.

Looks like Example 2 is the second scenario.


Second verse, same as the first, a little bit louder and a little bit worse <g>

Cheers,
Stuart

On 4 Jul 2009 at 14:38, Mark Simms wrote:

> Given a corporate Windows network environment that has multiple domains, if
> one assumed that the network was all connected thru routers, bridges,
> switches, etc (I'm no network engineer), wouldn't it be a very simple task to
> make a share to connect one domain's server's folder to another ?
>  
> One Example: I was working with SQL Server on a server called XXX001 and it
> was addressable from my login domain.
> However, I could not BCP or even do an xp_cmdshell "DIR" to any of the
> network shares that were made available to me.
> I always got "access denied" from SQL Server.
> Was this a network issue or a SQL Server role/rights issue ?
>  
> Another Example: Crystal reports was running from one server called YYY003.
> I couldn't extract the report files to any of my login's network shares.
> Couldn't they have easily introduced a permanent share on YYY003 to point to
> a folder in one of the shares I could read/write to ?
> This wasn't hard, correct ?