SSMS remote connection as domain admin OK, local needs 'run as admin' - why? RRS feed

  • Question

  • I have a SQL Server 2012 ENT setup with 2 virtual servers running Win2008 R2 ENT. Windows authentication only.

    The install was done using a config file which added the 'domain\domain admins' as sys admin account (SQLSYSADMINACCOUNTS=domain\domain admins'.

    I can connect to the SQL instances remotely just fine from the other server. A -> B and B -> A. I'm logged in as a user who is a member of domain admins.

    When i'm logged into the server (same user) I need to run SSMS as an administrator to be able to log in. Otherwise, I get the error:
    "Login failed for user domain\username"

    The part I don't understand is, why do i have to run SSMS locally elevated? Since I'm a domain admin and that group is a login on both server instances (sys admin in SQL and members of the local server's admin group too), i should be able to log in without 'run as admin', no?

    Also, is there a way to still log in locally as a domain admin group member without 'run as admin'? (Without turning off UAC!)


    Monday, April 29, 2013 5:19 PM


  • You said "Since I'm a domain admin ..." but you are only a domain admin when you are passing administrator credentials; which is why you need to use Run as administrator. So this is by design. It is easy to avoid this. Log in using Run as administrator, and then add your domain login as a login under it's own name. Make it a member of the sysadmin fixed server role if you want. Then you won't need to pass admin credentials.

    Rick Byham, Microsoft, SQL Server Books Online, Implies no warranty

    • Marked as answer by PolishPaul Monday, April 29, 2013 8:34 PM
    Monday, April 29, 2013 8:13 PM