Professional Documents
Culture Documents
Introduction
Configuring Server Security
Managing Access to the Server, SQL Server Instance and Databases
Summary
Introduction
The Manage Logins and Server Roles module provides you with the instruction and
server hardware to develop your hands on skills in the defined topics. This module
includes the following exercises:
Lab Diagram
During your session you will have access to the following lab configuration. Depending
on the exercises you may or may not use all of the devices, but they are shown here in the
layout to get an overall understanding of the topology of the lab.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 1/31
7/23/2019 Print content
In this module you will be working on the following equipment to carry out the steps
defined in each exercise.
To start, simply choose a device and click Power on. In some cases, the devices may
power on automatically.
For further information and technical support, please see our Help and Support
page.
Copyright Notice
This document and its content is copyright of Practice-IT - © Practice-IT 2014. All rights reserved. Any
redistribution or reproduction of part or all of the contents in any form is prohibited other than the
following:
1) You may print or download to a local hard disk extracts for your personal and non-commercial use
only.
2) You may copy the content to individual third parties for their personal use, but only if you
acknowledge the website as the source of the material. You may not, except with our express written
permission, distribute or commercially exploit the content. Nor may you transmit it or store it in any
other website or other form of electronic retrieval system.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 2/31
7/23/2019 Print content
Step 1
Ensure you have powered on the required devices and Connect to PLABSQL01.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 3/31
7/23/2019 Print content
In the left pane, select Security. The right pane displays the contents of the Security
tab.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 4/31
7/23/2019 Print content
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 5/31
7/23/2019 Print content
The Microsoft SQL Server Management Studio dialog box is displayed. Click OK
to close the dialog box.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 6/31
7/23/2019 Print content
The Microsoft SQL Server Management Studio dialog box is displayed. Click Yes.
The Service Control dialog box shows the restart progress. Click Close to close the
dialog box.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 7/31
7/23/2019 Print content
To secure the SQL Server using Windows account / SQL Server account, server roles,
perform the following steps:
Step 1
Click the start menu and hover over Administrative Tools and then select Active
Directory Users and Computers.
The Active Directory Users and computers window will appear, expand
PRACTICELABS.COM within the right panel, then right click users and select New
> User.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 8/31
7/23/2019 Print content
Click Next.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 9/31
7/23/2019 Print content
Passw0rd
Remove the tick box for User must change password at next logon and add
Password never expires
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 10/31
7/23/2019 Print content
Click finish.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 11/31
7/23/2019 Print content
Step 2
From Microsoft SQL Server Management Studio.
In Object Explorer, right-click Security, select New, and then select New Login. The Login
- New dialog box is displayed.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 12/31
7/23/2019 Print content
In the Login name text box, enter Rebecca and click Search.
The Select User, Service Account, or Group dialog box is displayed. Enter rebecca
in the Enter the object name to select and click Check Names. Click OK.
In the Default database drop-down list, select AdventureWorks2012 and click OK.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 13/31
7/23/2019 Print content
In Object Explorer, in the Security node, expand Logins. Note that Rebecca’s login
appears in the list.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 14/31
7/23/2019 Print content
Note that the Login field is set to Enabled. Click OK to close the dialog box.
After creating a login for a Windows account, you can create an SQL login for a user. For
this exercise, let's create a login for a user named Josh.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 15/31
7/23/2019 Print content
In Object Explorer, right-click Security, select New, and then select New Login.
The Login - New dialog box is displayed.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 16/31
7/23/2019 Print content
In Object Explorer, in the Security node, expand Logins. Note that Josh’s login
appears in the list.
After creating the login, you can configure a server role for the login. By default, a new
login is assigned the public server role. You can change this role depending on your
requirement.
In Object Explorer, in the Security node, expand Logins. Note that Rebecca’s login
appears in the list.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 17/31
7/23/2019 Print content
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 18/31
7/23/2019 Print content
Leave the devices you have powered on in their current state and proceed to the next
exercise.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 19/31
7/23/2019 Print content
Assigining Permisssions
In this task, you will focus on assigning permissions at the database level.
Step 1
On PLABSQL01 in Object Explorer, expand Databases, right-click
AdventureWorks2012, and select New Query. The new query window is displayed in
the right pane.
For this exercise, you will assign permissions to the user rebecca in the
Person.Address table.
Note: Ensure the user rebecca exists in the database or at the instance level.
Use AdventureWorks2012
GRANT SELECT, INSERT, UPDATE
ON Person.Address
TO "PRACTICELABS\Rebecca"
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 20/31
7/23/2019 Print content
You can now verify if the access is granted on the Person.Address table.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 21/31
7/23/2019 Print content
Note that rebecca is added. Select rebecca. Note the permissions assigned in the
Permissions for rebecca section.
Step 1
From Microsoft SQL Server Management Studio.
In Object Explorer, right-click Security, select New, and then select Server Role.
The New Server Role -ServerRole -xxxxxxxx-xxxxxx dialog box is displayed.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 22/31
7/23/2019 Print content
In the Server role name text box, enter PLAB-Admin. In the Securables section,
expand Logins and select PRACTICELABS\Administrator.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 23/31
7/23/2019 Print content
Click Add. The Select Server Login or Role dialog box is displayed. Enter
Administrator in the Enter the object names to select text box and click Check
Names.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 24/31
7/23/2019 Print content
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 25/31
7/23/2019 Print content
In Object Explorer, in the Security node, expand Server Roles. Note that PLAB-
Admin is now created.
Managing Certificate Logins You can use a master key to create a certificate and
then a login associated with the certificate. However, there may be a situation when you
do not have master key to create a certificate. In that case, you must specify a password
when creating a key. In this task, you will create a symmetric key using a password.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 26/31
7/23/2019 Print content
Step 1
In Object Explorer, right-click AdventureWorks2012 and select New Query. The
right pane displays a new query window.
You can now create a new login in SQL and map the asymmetric key rebecca.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 27/31
7/23/2019 Print content
From the User type drop-down list, select User mapped to an asymmetric key.
The Select Asymmetric Key dialog box is displayed. Enter rebecca in the Enter the
object names to select text box and click Check Names. Click OK.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 28/31
7/23/2019 Print content
Note that rebecca appears in the Asymmetric key name text box. Click OK.
To verify the asymmetric keys, you can navigate to the Security node in
AdventureWorks2012 and then expand Asymmetric Keys. Note that rebecca is
listed.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 29/31
7/23/2019 Print content
All the asymmetric keys that you create will be listed here.
Shutdown all virtual machines used in this lab, by using the power functions located in
the Tools bar before proceeding to the next module. Alternatively you can log out of the
lab platform.
Summary
In this module, you covered carried the following practical tasks:
Also try
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 30/31
7/23/2019 Print content
Using the current lab setup you can try the following concepts at your own pace.
Creating a user named Russ and assigning permissions for the Person.Address table.
Add Update and Delete permissions.
Assigning the Deny permission to Josh on the PLABSQL01 instance.
Assigning the Deny permission to Russ for the Person.Person address.
Creating a new server role.
Creating a new certificate login after creating a certificate key.
https://www.practice-labs.com/authenticated/vNext/vn-print-content.aspx 31/31