SQL Server Authentication Mode

Issue

In Mixed Mode, user name and password information is stored in SQL Server. Mixed Mode is only intended for use in networks in which the servers, clients and network infrastructure are physically protected, and all users are trusted. It is included in SQL Server 7.0 only to provide backward compatibility with previous releases, and to allow interoperability with products that do not support Windows NT Authentication.

In contrast, Windows NT Authentication Mode uses the normal Windows NT authentication mechanism, which was built for use in environments where security is important. All authentication information is housed on the domain controller rather than the SQL Server, and it is protected because the information is encrypted.

Solution

Change SQL Servers on your system that use Mixed Mode to Windows Authentication Mode, if possible.

Instructions

  1. Click Start, point to Programs, point to Microsoft SQL Server, and then click Enterprise Manager.
  2. Double-click Microsoft SQL Servers and SQL Server Group, right-click the server that you want to secure, and then click Properties.
  3. In the SQL Server Properties dialog box, click the Security tab.
  4. Under Authentication, click Windows only.
Note: If the server is not currently running, it may take several moments to start. 

Additional Information

SQL Server 7.0 Security

Microsoft SQL Server 2000 Security

Microsoft Security Bulletin (MS00-035): Frequently Asked Questions

⌐ 2002 Microsoft Corporation. All rights reserved.