-- This procedure generates a script that recreates the server's logins.
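CREATE PROCEDURE [dbo].[sp_dba_security_revlogin]
    @login_name sysname = NULL,
    @script_server_roles tinyint = 1
AS
/*
  Prints a T-SQL script that recreates this server's enabled SQL and Windows
  logins with their original SIDs and password hashes (so database users keep
  resolving after a migration), followed by their server-role memberships.

  @login_name           NULL scripts every enabled login except 'sa';
                        otherwise only the login with exactly that name.
  @script_server_roles  1 (default; NULL is treated as 1) also emits one
                        sp_addsrvrolemember line per server role the login
                        belongs to; 0 emits the logins only.
  Returns 0 on success, -1 when no login matched (after printing
  'No login(s) found.').

  Depends on dbo.sp_dba_security_scriptLogin (defined elsewhere), which is
  expected to render a varbinary value as a 0x... literal in its OUT parameter.
  The output embeds password hashes and SIDs, so the generated script needs
  the same handling as any other credential material.
  sys.sql_logins.password_hash is only readable with CONTROL SERVER; for a
  caller without it the hash reads as NULL and the login is scripted with a
  NULL password. That case is flagged with a comment in the generated script.
*/
DECLARE @name           sysname
DECLARE @type           char(1)        -- sys.server_principals.type: S = SQL login, U = Windows user, G = Windows group
DECLARE @binpwd         varbinary(256)
DECLARE @txtpwd         sysname
DECLARE @SID_varbinary  varbinary(85)
DECLARE @SID_string     varchar(256)
DECLARE @role_name      sysname
DECLARE @quoted_name    nvarchar(260)
DECLARE @tmpstr         nvarchar(max)

-- One cursor for both call shapes: the @login_name test is folded into the
-- WHERE instead of duplicating the query. Windows groups (type G) are scripted
-- alongside Windows users.
DECLARE login_curs CURSOR LOCAL FAST_FORWARD FOR
    SELECT p.sid, p.name, p.type, l.password_hash
    FROM sys.server_principals AS p
    LEFT JOIN sys.sql_logins AS l
        ON l.principal_id = p.principal_id
    WHERE p.type IN ('S', 'U', 'G')
      AND p.is_disabled = 0
      AND p.name <> 'sa'
      AND (@login_name IS NULL OR p.name = @login_name)
    ORDER BY p.name

OPEN login_curs
FETCH NEXT FROM login_curs INTO @SID_varbinary, @name, @type, @binpwd
IF (@@FETCH_STATUS = -1)
BEGIN
    PRINT 'No login(s) found.'
    CLOSE login_curs
    DEALLOCATE login_curs
    RETURN -1
END

SET @tmpstr = '/* sp_help_revlogin script '
PRINT @tmpstr
SET @tmpstr = '** Generated ' + CONVERT (varchar, GETDATE()) + ' on ' + @@SERVERNAME + ' */'
PRINT @tmpstr
PRINT ''
PRINT 'DECLARE @pwd sysname'

WHILE (@@FETCH_STATUS = 0)
BEGIN
    -- QUOTENAME with a single-quote delimiter doubles any embedded quote, so a
    -- login name cannot break out of the string literal in the generated script.
    SET @quoted_name = QUOTENAME(@name, '''')
    -- The SID literal is needed on every path, so render it once per login.
    EXEC sp_dba_security_scriptLogin @SID_varbinary, @SID_string OUT

    PRINT ''
    SET @tmpstr = '-- Login: ' + @name
    PRINT @tmpstr

    IF @type IN ('U', 'G')
    BEGIN
        -- Windows principal. Disabled logins are filtered out by the cursor,
        -- so there is no sp_denylogin case to script.
        SET @tmpstr = 'EXEC master..sp_grantlogin ' + @quoted_name
        PRINT @tmpstr
    END
    ELSE
    BEGIN
        -- SQL Server authentication: replay the stored hash unchanged, which
        -- is what @encryptopt = 'skip_encryption' tells sp_addlogin to accept.
        IF (@binpwd IS NOT NULL)
        BEGIN
            EXEC sp_dba_security_scriptLogin @binpwd, @txtpwd OUT
            SET @tmpstr = 'SET @pwd = CONVERT (varbinary(256), ' + @txtpwd + ')'
            PRINT @tmpstr
            SET @tmpstr = 'EXEC master..sp_addlogin ' + @quoted_name
                + ', @pwd, @sid = ' + @SID_string + ', @encryptopt = ''skip_encryption'''
        END
        ELSE
        BEGIN
            PRINT '-- NOTE: password hash not readable (CONTROL SERVER missing?); login is scripted with a NULL password'
            SET @tmpstr = 'EXEC master..sp_addlogin ' + @quoted_name
                + ', NULL, @sid = ' + @SID_string + ', @encryptopt = ''skip_encryption'''
        END
        PRINT @tmpstr
    END

    IF ISNULL(@script_server_roles, 1) = 1
    BEGIN
        -- Membership is read live from sys.server_role_members so every role
        -- the login actually holds is scripted, for Windows and SQL logins alike.
        DECLARE role_curs CURSOR LOCAL FAST_FORWARD FOR
            SELECT r.name
            FROM sys.server_role_members AS rm
            INNER JOIN sys.server_principals AS r
                ON r.principal_id = rm.role_principal_id
            INNER JOIN sys.server_principals AS m
                ON m.principal_id = rm.member_principal_id
            WHERE m.sid = @SID_varbinary
            ORDER BY r.name
        OPEN role_curs
        FETCH NEXT FROM role_curs INTO @role_name
        WHILE (@@FETCH_STATUS = 0)
        BEGIN
            SET @tmpstr = 'EXEC sp_addsrvrolemember ' + @quoted_name + ', ' + QUOTENAME(@role_name, '''')
            PRINT @tmpstr
            FETCH NEXT FROM role_curs INTO @role_name
        END
        CLOSE role_curs
        DEALLOCATE role_curs
    END

    FETCH NEXT FROM login_curs INTO @SID_varbinary, @name, @type, @binpwd
END
CLOSE login_curs
DEALLOCATE login_curs
RETURN 0
GO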
-- Batch preamble for USP_DBA_FixOrphanedLogins (the orphaned-login repair
-- procedure): switch to the DBA utility database and pin the SET options the
-- procedure is compiled under.
USE [db_dba]
GO
/****** Object: StoredProcedure [dbo].[USP_DBA_FixOrphanedLogins] Script Date: 06/29/2010 12:07:23 ******/
SET QUOTED_IDENTIFIER ON
GO
SET ANSI_NULLS ON
GO
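CREATE PROCEDURE [dbo].[USP_DBA_FixOrphanedLogins]
AS
BEGIN
    SET NOCOUNT ON
    /*
      Re-links orphaned SQL-authenticated database users (users whose SID matches
      no server login) to the SQL login of the same name, in every online,
      writable database on the instance.

      Matching is by name only: a newly created login that happens to share a
      name with an orphaned user inherits that user's database permissions when
      this runs, which is why each remap is printed as it happens.
      Returns 0; prints 'No Orphaned Logins to be handled.' when nothing matched.
    */
    DECLARE @Collation sysname,
            @Filter nvarchar(1000),
            @SQL nvarchar(2000),   -- sp_msforeachdb's @command1 is nvarchar(2000); longer text is truncated
            @rc int

    -- Database-user names and login names may sit in different collations;
    -- compare both under master's collation.
    SELECT @Collation = CONVERT(sysname, DATABASEPROPERTYEX('master', 'Collation'))

    -- The orphan definition, shared by the count pass and the fix pass so it
    -- exists exactly once. Runs after sp_msforeachdb's USE [?], so DB_ID() is
    -- the database being scanned. Conditions, in order:
    --   u.type = 'S'            SQL user (what sysusers.issqluser = 1 used to mean)
    --   u.name <> 'dbo'         dbo is re-pointed with ALTER AUTHORIZATION, not remapped
    --   u.sid real              system users such as guest carry no usable SID
    --   SUSER_SNAME(sid) NULL   the SID resolves to no login: orphaned
    --   l.type = 'S'            sp_change_users_login maps SQL logins only
    --   d.state = 0             ONLINE; is_read_only = 0 excludes read-only databases
    SET @Filter = N'
    FROM sys.database_principals AS u
    INNER JOIN master.sys.server_principals AS l
        ON u.name COLLATE ' + @Collation + N' = l.name
    INNER JOIN master.sys.databases AS d
        ON d.database_id = DB_ID()
    WHERE u.type = ''S''
      AND u.name <> ''dbo''
      AND u.sid IS NOT NULL AND u.sid <> 0x0
      AND SUSER_SNAME(u.sid) IS NULL
      AND l.type = ''S''
      AND d.state = 0
      AND d.is_read_only = 0'

    -- Pass 1: count the orphans. A local temp table is private to this session,
    -- so concurrent runs no longer collide on one shared ##table.
    CREATE TABLE #TempSync (
        DB_NME       sysname,
        DBUserName   sysname,
        SysLoginName sysname
    )
    SET @SQL = N'USE [?]
    SELECT DB_NAME() AS DB_NME, u.name AS DBUserName, l.name AS SysLoginName' + @Filter + N'
    ORDER BY u.name'
    INSERT INTO #TempSync (DB_NME, DBUserName, SysLoginName)
        EXEC sp_msforeachdb @SQL
    SET @rc = @@ROWCOUNT
    DROP TABLE #TempSync

    IF @rc = 0
    BEGIN
        RAISERROR ('No Orphaned Logins to be handled.', 10, 1)
        RETURN 0
    END

    -- Pass 2: remap each orphan. sp_change_users_login is the deprecated form of
    -- ALTER USER ... WITH LOGIN; it is kept because it takes the names as
    -- parameters, which avoids building a second dynamic statement from them.
    -- The PRINT leaves an audit line per remap in the message output.
    SET @SQL = N'USE [?]
    DECLARE @DBUserName sysname, @SysLoginName sysname
    DECLARE SyncDBLogins CURSOR LOCAL FAST_FORWARD FOR
        SELECT u.name, l.name' + @Filter + N'
        ORDER BY u.name
    OPEN SyncDBLogins
    FETCH NEXT FROM SyncDBLogins INTO @DBUserName, @SysLoginName
    WHILE @@FETCH_STATUS = 0
    BEGIN
        PRINT DB_NAME() + N'': '' + @DBUserName + N'' -> '' + @SysLoginName
        EXEC sp_change_users_login ''update_one'', @DBUserName, @SysLoginName
        FETCH NEXT FROM SyncDBLogins INTO @DBUserName, @SysLoginName
    END
    CLOSE SyncDBLogins
    DEALLOCATE SyncDBLogins'
    EXEC sp_msforeachdb @SQL

    RETURN 0
END
GO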