I am attempting to configure a new SQL Server 2008 instance to use Windows authentication, and am encountering a problem when adding Windows domain groups as logins. Specifically, Windows users who are direct members of a Windows group that has been added as a login behave normally. Users who are members of groups that are, in turn, members of other groups which have been added as logins are unable to connect.
In a simplified example, consider the following:
ÃÂ Member: MYDOMAIN\Hazel
ÃÂ Member: MYDOMAIN\Seamus
ÃÂ Member:ÃÂ MYDOMAIN\Vaughan
ÃÂ Member: MYDOMAIN\Liesel
ÃÂ Member: MYDOMAIN\DataViewers <-- This is a group
ÃÂ Member: MYDOMAIN\DataEditors <-- This is a group
If I add the MYDOMAIN\AllUsers group as a SQL Server login (and map it to some databases), none of the end users (i.e. Hazel, Seamus, Vaughan, Liesel) can connect. If I add the MYDOMAIN\DataViewers or MYDOMAIN\DataEditors groups as logins, though, their members can connect. Similarly, if I add an end user directly to the AllUsers group, they can connect normally.
It appears as if the nested group model I had envisioned is not supported in SQL Server 2008, but I have been unable to find any documents that state this conclusively. Therefore, my q
View Complete Post