FIX: Attempt to Set SQL Server Startup Account to SQL Server Login without Rights Gives the Login Sysadmin Privileges (299935)
The information in this article applies to:
- Microsoft SQL Server 2000 (all editions)
This article was previously published under Q299935
BUG #: 352712 (SHILOH_BUGS)
SYMPTOMS
If you set up a SQL Server login with no privileges on a server that uses Microsoft Windows Authentication, if you attempt to start the SQL Server service under this account, the SQL Server login is granted system administrator ( sa) privileges after a series of error messages appear, which include:
Microsoft SQL-DMO (ODBC SQLState: 42000)
---------------------------
Error 22042: xp_SetSQLSecurity() returned error -2147023108, 'The
trust relationship between the primary domain and the trusted domain failed.
Microsoft SQL-DMO (ODBC SQLState: 42000)
---------------------------
Error 22042: xp_SetSQLSecurity() returned error -2147023108, 'No
Mapping between Account Names and security Id's was done'
SQL Server Enterprise Manager
---------------------------
The permissions of the SQL Server directories and registry locations
could not be set for the new service account. Continuing to change
the account could cause SQL Server to be unable to start. Do you wish to continue?
---------------------------
Yes No
---------------------------
Microsoft SQL-DMO (ODBC SQLState: 42000)
---------------------------
Error 22035: 'No Mapping between Account Names and security Id's was done'
RESOLUTIONTo resolve this problem, obtain the latest service pack for SQL Server 2000. For additional information, click the following article number to view the article in the
Microsoft Knowledge Base:
290211 INF: How to Obtain the Latest SQL Server 2000 Service Pack
STATUSMicrosoft has confirmed that this is a problem in SQL Server 2000. This problem was first corrected in SQL Server 2000 Service Pack 1.
| Modification Type: | Major | Last Reviewed: | 10/3/2003 |
|---|
| Keywords: | kbBug kbfix kbSQLServ2000sp1fix KB299935 |
|---|
|