BUG: SQL 6.5 Security Manager Incorrectly Maps Users from Non-Default Domain

• Microsoft SQL Server version 6.5

SYMPTOMS

When you attempt to grant a local Windows NT group access to a Microsoft SQL Server using the Microsoft SQL Server Security Manager, Windows NT user accounts that are not from the default Microsoft SQL Server domain will be incorrectly mapped to the Microsoft SQL Server default login ID (guest). This will only occur if the local group contains groups or users from multiple Windows NT domains.

Windows NT user accounts may also show correct mappings in Microsoft SQL Security Manager GUI but the user accounts do not get mapped correctly at the Microsoft SQL Server login level. The incorrect mappings can be verified by querying the syslogins system table; "select * from syslogins".

WORKAROUND

The mappings get created correctly only if the local Windows NT group contains users from just one Windows NT domain group. If a Windows NT local group contains users from two or more Window NT domain groups the mappings are created correctly for only the default Windows NT domain groups.

The workaround is that since mapping works correctly when the local Windows NT group contains just one domain Windows NT group, you must create as many local Windows NT groups as Windows NT domain groups.

STATUS

Microsoft has confirmed this to be a problem in SQL Server version 6.5.

Additional query words:

Keywords : SSrvAdmin kbbug6.50 kbSQLServ650bug kbSQLServ650sp5bug kbDSupport
Version : winnt:6.5
Platform : winnt
Issue type : kbbug