?? Remote Login Works, but Why ??

Hi all,

I was hoping someone could explain a permissions "oddity" I'm seeing. I just
want to understand why it works when it doesn't seem like it should.

I have a fresh SQL Server 2008 Standard Edition install that uses Windows
Authentication. The name of the computer hosting the SQL Server instance is
SVR1. When I installed SQL Server I specified a single, sysadmin login, as
required by the SQL Server installation. The login account is a local
account: SVR1\tlbaxter. I have no problem logging into the instance using
SQL Server Management Studio with the SVR1\tlbaxter. Everything works as it
should.

Now, I have a second machine named, CLT1, that also has SQL Server
Management Studio installed. This machine has a local account, CLT1\tlbaxter
whose password is exactly the same as the password for SVR1\tlbaxter. So,
both machines have a local "tlbaxter" account with the same password.

For some reason, I *AM* able to connect to the SQL Server instance on SVR1
from CLT1, using the CLT1\tlbaxter account! The fact that CLT1\tlbaxter and
SVR1\tlbaxter have the same password is significant. If I change the
password for CLT1\tlbaxter I cannot connect to SVR1's SQL Server instance.
This is what I'm not understanding.

How is it CLT1\tlbaxter is able to connect to SQL Server when the only login
is SVR1\tlbaxter? I'm thinking I should not be able to log in from CLT1 but
yet I am.

I'm suspecting there are some more fundamental issues regarding Windows
accounts that I might not understand. Note that these are two machines on a
LAN and AD is not involved here.

Thanks very much.

On Wed, 27 Aug 2008 05:50:16 -0500, "Tom Baxter"
wrote:

>How is it CLT1\tlbaxter is able to connect to SQL Server when the only login
>is SVR1\tlbaxter? I'm thinking I should not be able to log in from CLT1 but
>yet I am.
>
>I'm suspecting there are some more fundamental issues regarding Windows
>accounts that I might not understand. Note that these are two machines on a
>LAN and AD is not involved here.

SQL Server is using Windows security, and this is how Windows works.
Local accounts with the same name and password allow local accounts
access across machines. It was that way on NT 3.1 and it apparently
has not changed.

Roy Harvey
Beacon Falls, CT

"Roy Harvey (SQL Server MVP)" wrote in message
news:ediab4lsr74vkrb02ql3rfl2ap24oc800a-at-4ax.com...
> On Wed, 27 Aug 2008 05:50:16 -0500, "Tom Baxter"
> wrote:
>
>>How is it CLT1\tlbaxter is able to connect to SQL Server when the only
>>login
>>is SVR1\tlbaxter? I'm thinking I should not be able to log in from CLT1
>>but
>>yet I am.
>>
>>I'm suspecting there are some more fundamental issues regarding Windows
>>accounts that I might not understand. Note that these are two machines on
>>a
>>LAN and AD is not involved here.
>
> SQL Server is using Windows security, and this is how Windows works.
> Local accounts with the same name and password allow local accounts
> access across machines. It was that way on NT 3.1 and it apparently
> has not changed.

So it has nothing to do with SQL Server. It is a Windows
permissions/security behavior, correct?

On Wed, 27 Aug 2008 07:44:48 -0500, "Tom Baxter"
wrote:

>So it has nothing to do with SQL Server. It is a Windows
>permissions/security behavior, correct?

Correct.

Roy Harvey
Beacon Falls, CT