Monday, March 12, 2012

Localization and BUILTIN groups

Is there a synonym for the group BUILTIN\Users which can be used for GRANT ... TO and sp_grantlogin/sp_grantdbaccess, but which will work on localized computers?

I have a number of automated unit tests I wish to run on two different computers. The process involves recreating a database if it does not exist and then granting access and privileges to the BUILTIN\Users group.

The problem is that one computer is installed with a Swedish Windows XP Professional (the users group is called BUILTIN\Anv?ndare) and the other is an English WinXP MCE (the group is called BUILTIN\Users) so I cannot easily script this.

An alternative is to be able to retrieve the respective name through a .NET class or the Windows API.

Is any of this possible?

Thanks,
Johan

synonyms can be used only to securables residing inside a schema not principals or users.

you can however rename a login to a more friendly name inside a datbase using sp_grant dbaccess

Examples

This example adds an account for the Windows NT user Corporate\GeorgeW to the current database and gives it the name Georgie.

EXEC sp_grantdbaccess 'Corporate\GeorgeW', 'Georgie'

|||So there's no way to refer to BUILTIN\Users without knowing what language OS the machine has installed?

This works on an English OS only:
execute sp_grantlogin [BUILTIN\Users];
execute sp_grantdbaccess [BUILTIN\Users];.. and this on a Swedish OS:
execute sp_grantlogin [BUILTIN\Anv?ndare];
execute sp_grantdbaccess [BUILTIN\Anv?ndare];|||

run both statement and

put it in a try... catch.. block...

i mean use error handling

|||Good thinking!
Thanks|||

Actually you don't need to use try..catch at all. All Windows operating systems have certain number of well-known groups / users. These are universal and the SIDs for those are also the same across machines/windows OSes. So in your case, just do the following:

declare @.builtin_admins nvarchar(128)

set @.builtin_admins = suser_sname(0x01020000000000052000000020020000)

exec sp_grantdbaccess @.builtin_admins

declare @.builtin_users nvarchar(128)

set @.builtin_users = suser_name(0x01020000000000052000000021020000)

exec sp_grantdbaccess @.builtin_users

The SID values are the well-known values that will not change and you can use that to lookup the name. This will not work for user-defined groups.

|||That does it for me.
Thanks a million.
Posted by ornamentalklze at 3:59 AM
Labels: , , , , , , , , , , , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)