如何在不添加用户的情况下远程连接到 SQL Server？

Question

I have 3 machines, one of them is acting like a server that contains the database and tables. However when I try to connect over the Named Pipes protocol, I need to add a domain account to each machine.

What I want to do is to access the database remotely using the 2 other machines without adding any user; I'm using Windows authentication.

Answer 1

When you use Windows authentication, you need to have the same Windows account on both the machine making the request, and the server.

To do what you are trying to do, you would need to use SQL Server authentication or user impersonation. Personally, I find user impersonation to leave too many potential security holes, so I recommend SQL Server authentication.

Answer 2

Very top level question so very top level answer:

Extend and manage permissions by Active Directory groups. Place individual user's accounts into the active directory groups. You are now managing permissions from an AD perspective and not by a individual machine perspective. ie user mgmt happens in one place instead of distro.

This way you are not constantly adding/removing users to multiple machines. They are just placed in the group and have access to X number of servers due to permission inheritance.

It also saves you from hard coding sql account credentials into distributable applications. Not a huge concern if this was a web application but think what would happen if you had the need to cycle your sql user password and you had your wpf application installed on X number of machines...becomes a management/release nightmare