Adding a Windows User or Group

SQL Server Setup Help

SQL Server Setup Help

Adding a Windows User or Group

Microsoft® Windows NT® 4.0 and Windows® 2000 accounts (users or groups) must be granted permissions to connect to an instance of Microsoft SQL Server™ before they can access a database. If all members of a Windows NT 4.0 or Windows 2000 group will be connecting to an instance of SQL Server, you can grant permission to the group as a whole. Managing group permissions is much easier than managing permissions for individual users. If the group should not be granted permission collectively, grant permission to connect to an instance of SQL Server for each individual Windows NT 4.0 or Windows 2000 user.

Users

When granting a Windows NT 4.0 or Windows 2000 user access to connect to an instance of SQL Server, specify the Windows NT 4.0 or Windows 2000 domain or computer name to which the user belongs, followed by a backslash, and then the user. For example, to grant access to the Windows NT 4.0 or Windows 2000 user Andrew, in the Windows NT 4.0 or Windows 2000 domain LONDON, specify LONDON\Andrew as the user name.

Local and Global Groups

There are several types of Windows NT 4.0 and Windows 2000 groups, including global and local:

  • Global groups contain user accounts from the Windows NT 4.0 or Windows 2000 domain in which they are created. Global groups cannot contain other groups or users from other domains and cannot be created on a computer running Microsoft Windows NT 4.0 Workstation or Microsoft Windows 2000 Professional.

  • Local groups can contain user accounts and global groups from the domain in which they are created and in any trusted domain. Local groups cannot contain other local groups.

Additionally, Windows NT 4.0 and Windows 2000 have predefined, built-in local groups (for example, Administrators, Users, and Guests).

When granting a Windows NT 4.0 or Windows 2000 local or global group access to connect to an instance of SQL Server, specify the domain or computer name the group is defined on, followed by a backslash, and then the group name. For example, to grant access to a global group called SQL_Users, in the LONDON domain, specify LONDON\SQL_Users as the group name.

To grant access to a Windows NT 4.0 or Windows 2000 built-in, local group, specify BUILTIN instead of the domain or computer name. To grant access to the built-in Windows NT 4.0 and Windows 2000 local group Administrators, specify BUILTIN\Administrators as the group name.

For more information about these accounts, see the Windows NT 4.0 and Windows 2000 documentation.

To grant a Windows user or group login access to SQL Server

Transact-SQL