how to add a user to local sql server when one has only windows admin rights on the server
https://dba.stackexchange.com/questions/281314
-
12-03-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianPregunta
I'm in the admin group of a server, but yet I don't have access to the sql server, is there anyway to add myself without the need to reinstall the sql server?
Solución
It's pretty easy to do if you are a member of the local Administrators group.
The below steps are taken from this answer on StackOverflow:
Open a command prompt window. If you have a default instance of SQL Server already running, run the following command on the command prompt to stop the SQL Server service:
net stop mssqlserver
If you're running a named instance of SQL Server, the Service Name will be something similar to mssql$instancename.
Open SQL Server Configuration Manager from the Windows Start Menu. Find the instance listed in the "SQL Server Services" window, and right-click it, then click "Properties". Go to the "Service Tab", and make note of the "Binary Path" and CD into it as such:
CD "C:\Program Files\Microsoft SQL Server\MSSQL14.MSSQLSERVER\MSSQL\Binn"
Run the following command to start SQL Server in single user mode. As
SQLCMD is being specified, only one SQLCMD connection can be made (from another command prompt window).
sqlservr -m"SQLCMD"
Open another command prompt window as the same user as the one that started SQL Server in single user mode above, and in it, run:
sqlcmd
And press enter. Now you can execute SQL statements against the SQL Server instance running in single user mode. To add a login for your account, run:
CREATE LOGIN [DOMAIN\USERNAME] FROM WINDOWS;
Replace DOMAIN and USERNAME with appropriate values.
-- For older versions of SQL Server:
EXEC sys.sp_addsrvrolemember @loginame = N'DOMAIN\USERNAME'
, @rolename = N'sysadmin';
-- For newer versions of SQL Server:
ALTER SERVER ROLE [sysadmin] ADD MEMBER [DOMAIN\USERNAME];
GO
Otros consejos
Here's a handy batch file to do it:
admin2sysadmin.bat:
net stop mssqlserver
net start mssqlserver /mSQLCMD
sqlcmd -Q "if not exists(select * from sys.server_principals where name='BUILTIN\administrators') CREATE LOGIN [BUILTIN\administrators] FROM WINDOWS;EXEC master..sp_addsrvrolemember @loginame = N'BUILTIN\administrators', @rolename = N'sysadmin'"
net stop mssqlserver
net start mssqlserver
sqlcmd -Q "if exists( select * from fn_my_permissions(NULL, 'SERVER') where permission_name = 'CONTROL SERVER') print 'You are a sysadmin.'"
or for a named instance
net stop mssql$sqlexpress
net start mssql$sqlexpress /mSQLCMD
sqlcmd -S (local)\sqlexpress -Q "if not exists(select * from sys.server_principals where name='BUILTIN\administrators') CREATE LOGIN [BUILTIN\administrators] FROM WINDOWS;EXEC master..sp_addsrvrolemember @loginame = N'BUILTIN\administrators', @rolename = N'sysadmin'"
net stop mssql$sqlexpress
net start mssql$sqlexpress
sqlcmd -S (local)\sqlexpress -Q "if exists( select * from fn_my_permissions(NULL, 'SERVER') where permission_name = 'CONTROL SERVER') print 'You are a sysadmin.'"
After that the BUILTIN\administrators group will be sysadmins. If you are a Windows Administrator logged on to the desktop of a machine with User Account Control enabled, you'll have to elevate before being able to connect to SQL Server. Once you do, you can create a sysadmin login for yourself personally to enable un-elevated local connection.
