Run SSMS using different Windows account

at Posted by
You can log on to a SQL Server database using SQL Server Management Studio (SSMS) with a Windows Authentication login / NT account / Windows login.

However, the Active Directory domain account to do this with cannot be entered. It is greyed out and always the account of the user that is currently logged on.

There are several ways to bypass this and make a connection:

1) Run SSMS under different privileges
  • Create a shortcut to SSMS with the following command:
    runas /netonly /user:domain\usr "g:\Program Files (x86)\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe"
  • Double-click the shortcut and enter password for the runas account
Note: SSMS can be located somewhere else, depending on the choice made for the location when installing or the operating system. When using Windows 7 x64, then the tool is by default located as specified above.

Note: The greyed-out login screen in SSMS still displays the logged on user, not the runas account. This might be confusing.

1a) Run SSMS under different privileges, without needing to enter a password
  • Download "runasspc" (can be easily found with a search engine)
  • Extract "runasspc.exe" from the zip file and copy to the windows folder
  • Create a shortcut to SSMS with the following command:
    runassprc "g:\Program Files (x86)\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\SqlWb.exe" /domain:domain /user:usr /password:pwd
2) Create a network connection to the remote server
  • Open a command windows (Win+R, cmd.exe)
  • Delete all mappings: net use * /delete /y
  • Create mapping to SQL Server server: net use \\servername /user:domain\usr
  • Start SQL Server Configuration Manager via Programs (or locate SQLServerManager.msc directly)
  • Open SQL Native Client Configuration
  • Enable Named Pipes protocol and move to top in the order
  • Add a new alias. Use:
    a. "Named Pipes" as network library
    b. Server name: fill in remote server name. The pipe field will display: \\[servername]\pipe\sql\query"
  • Start SSMS
    a. Server name: fill in remote server name
    b. Authentication: Windows Authentication
    c. Connection Properties -> Network Protocol, set to Named Pipes
Note: SSMS automatically uses the account name from the connection to the remote server.

3) Set credentials for a remote server using Credential Manager
  • Control Panel -> Credential Manager
  • Add the domain\account and password for the remote server
Note: use the fully qualified server name and port, e.g. remoteserver.domain.com:1433

4) Set terminal services Active Directory rights
Get the "allow logon to terminal services" right for the remote server for the domain account. Then make a terminal services connection to the server with that account and start SSMS within that session.

Links:
http://www.olegsych.com/2009/05/crossing-domain-boundaries-windows-authentication/
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)