DOCUMENT:Q196223 03-SEP-1999 [sms] TITLE :SMS: How to Configure SMS Security for Individual User Accounts PRODUCT :Microsoft Systems Management Server PROD/VER:winnt:1.2 OPER/SYS: KEYWORDS:kbSecurity kbsms120 kbsmsAdmin ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Systems Management Server version 1.2 ------------------------------------------------------------------------------- SUMMARY ======= You can configure Systems Management Server to provide individual user account permissions for database access, and to limit Remote Control access to specific users. This article describes the steps necessary to configure SQL Server and Systems Management Server to allow a Systems Management Server administrator to provide user-level access permissions for a user group. MORE INFORMATION ================ To grant permissions to domain user accounts, SQL Server must be made aware of the domain user accounts. To do this, you must configure SQL Server to use Mixed or Integrated security, using the following steps: 1. In Windows NT User Manager for Domains, create a group for the user accounts you want to be given access to Systems Management Server. For this example, the group will be called SMSUsers. After creating the group, add any user accounts to this group that you want to be able to access Systems Management Server clients. 2. From the SQL Server program group on the SQL Server, start SQL Setup. Click the Continue button until you are able to select Set Security Options. Make sure Set Security options is selected and then click Continue once more. In the Login Security Mode section of the Set Security Options dialog box, select either Mixed or Integrated security and then click OK. 3. Stop and restart the MSSQLServer service. 4. From the SQL Server program group, start SQL Security Manager. On the View menu, click User Privilege. 5. On the Security menu, click Grant New. The Grant User Privilege dialog box appears. Click to select SMSUsers from the list of groups. At the bottom of the dialog box, ensure that the Add Login IDs For Group Members and Add Users To Database options are checked. Ensure that the SMS database is selected in the drop-down list, and then click Grant. After it is finished, click Done. If errors are reported, click Error Detail to view the reasons for the errors. 6. From the Systems Management Server program group, start SMS Security Manager. The user accounts should now be available in the drop down list. NOTE: There may be a several minute delay before the new user accounts are visible in the drop down list. Also, any new domain user accounts created after this procedure will need to be added to SQL Security Manager; they are not added automatically. To do this, you can do either of the following: - Add the new account(s) to SQL Security Manager individually. -or- - In SQL Security Manager, remove and re-add the group you created in Step 1 of this procedure (in this example, the SMSUsers group). Doing this re-enumerates the group membership list in SQL Security Manager. Note that you should make sure the new accounts have been added to the SMSUsers group before performing this step. Additional query words: prodsms ====================================================================== Keywords : kbSecurity kbsms120 kbsmsAdmin Technology : kbSMSSearch kbSMS120 Version : winnt:1.2 Issue type : kbhowto kbinfo ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 1999.