quote:Originally posted by VBAHole22
My problem is that I realized that if I were a user on these machines I could just go into the Connection menu and change the security to Windows NT integrated and have full access to do whatever I want in the db.
Windows Integrated Security simply means that a user attempting to connect to a SQL Server database does not supply an explicit username and password; instead, the server obtains the user's NT logon account information and uses that to validate access to the server and/or database. If that NT username is not an authorized user of the server and database, or if the user is not a member of a NT user group which is authorized access to the server or database, the user will not be granted access.
The difference between the two modes is whether SQL Server maintains the UserName and Password internally and validates a user presenting a UserName/Password against that information, or whether the server obtains the connecting user's NT user account information and validates using that.
In either case, you must define the level of access granted to the UserName (or optionally, in the case of Integrated Security, the group it is in).
You still have complete control over which databases and what kind of access to grant, since you must still set up the UserName as a valid user in SQL Server in either case. With Integrated Security, though, you can instead manage users at the group level. Thus users can be added or deleted simply by adding or removing them from the NT login group, without having to go to the Server at all to manage the accounts.
Custom Apps, Inc.