You cannot disable Windows Authentication mode (:. If you allow the user
logon to the compuer, where SQL Server runs, as administrator, that user can
do anything the SQL Server. Period. So, simply guard that computer's
administrator account as tight as you can. If the you logon the any other
account to the computer, as long as you did not give access to SQL Server to
those user accounts, the SQL Server will be fine. So, you see, if you
developed some solution that uses SQL Server/Express and you delevered it to
your clients. As long as your clients have full right on their computers
(administrator), they can get into the SQL Server/Express you delevered.
[quoted text, click to view] <gogaz@rediffmail.com> wrote in message
news:1161030857.258517.78090@i42g2000cwa.googlegroups.com...
> Hi,
>
> I have installed MS SQL Server 2005 Express Edition, and SQL Web Data
> Administrator on my Windows 2003 webserver with IIS 6.0
>
> Everything works fine but I want to deny the users to log on WDA using
> Windows Integrated authentication.
>
> At the moment when i open http://ipaddress/webadmin in IE, I get
> following textboxes:
>
> Username: SERVERNAME\Administrator (disabled / greyed out)
> Password: <blank> (disabled / greyed out)
> Server: (local)
>
> and following Radio Buttons:
>
> Authentication Method: Windows Integrated (selected by default)
> SQL Login
>
> If I change he Server textbox value from (local) to server\instancename
> and click login, it logs me in straight away where I can perform any
> admin functions
>
> I dont want any user to log on using windows integrated authentication.
> Is there any way around this problem? I dont want my system to get
> hacked either, so cant just change default.aspx file and then allow
> hackers still to point to my server with some default variable values
> and get access
>
> Thanks in advance.
>
> Regards
>
