tags:

views:

375

answers:

1
Q: 

Allow anonymous access to SQL Server 2008

I need to set up a "throw-away" instance of SQL Server 2008 for students to test a program for a few weeks. SQL Server 2008 is running on a virtual instance of Windows Server 2008. The server is not a member of the domain. The client computers that need to connect to the SQL Server are domain members, as are the student accounts. The client program expects to connect with Windows Authentication. This would all be very simple if the server were in the domain; despite lengthy discussions with the school's IT, this is not going to happen...

So: I need to configure the SQL Server to accept connections from these clients. I'm no sys-admin, so my best guess (based on this article) was:

  1. Enable the Guest account on Windows

  2. Add "NT AUTHORITY\ANONYMOUS LOGON" to the logins accepted by the SQL Server

  3. Set "Network Access: Allow anonymouse SID/Name translation" in Local Security Policy

  4. Add the registry entry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock and set it to 1

By my reckoning, that should have done it, but the clients still cannot connect. Can anyone give me a recipe for getting this to work? Basically telling the SQL Server to accept connections from anyone and everyone?

p.s. No security worries: this is all behind the school firewall, and I will reset the instance when we are done.

A: 

In order for two machines to connect using Windows Authentication, one of two things must be true:

  1. The machines are in the same domain, or
  2. The machines are in the same workgroup and the Windows account has the same password on both machines

If neither is true, then the only alternative is SQL Authentication (SQL Server-specific username and password).

RickNZ  2009-11-17 09:51:14
Anonymous or Guest access is not possible?
Brad Richards  2009-11-17 12:36:44
I'm not 100% sure, but I don't think so. Under the covers, Windows Auth doesn't use strings to authenticate users; it uses SIDs. AFAIK, SIDs for built-in accounts are different from one workgroup or domain to another, so unrelated machines can't determine which account name is really the "anonymous" one. Some of the issues are explained in the following MS KB article, but from what you said in your question, I'm guessing you already saw this (plus, it only applies to SQL 2005 and Windows Server 2003 anyway): http://support.microsoft.com/kb/839569
RickNZ  2009-11-17 13:13:12
Since it's a "throw away" instance, have you considered running SQL 2008 on a virtual machine? That way, the VM could be in the same workgroup as your students. Plus, it makes resetting things afterwards very easy.
RickNZ  2009-11-17 13:16:06
It seems to truly be the case: no way to allow anonymous access. Rick, thanks for your inputs! Since I can't make the machine a domain member (and I can't take the student machines *out* to make a workgroup) - the only solution appears to be to get the source code and alter the database connection strings to use SQL security. Not ideal, but at least possible. Thanks again!
Brad Richards  2009-11-23 15:46:12

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?