Tuesday, October 17, 2023

Access SQL Server Management Studio using a different Active Directory Credential

There is no way to change the "User name" in SQL Server Management Studio's "Connect to Server" dialog when using Windows Authentication. This post demonstrates how to run SQL Server Management Studio (SSMS) and authenticate a connection using a different user than the current active Windows user while authenticating with Windows Authentication. For example, a user logs in with the normal account but needs to authenticate with an administrative account to access SQL Server.

An example of SSMS's "Connect to Server" dialog authenticating a connection with Windows Authentication is as follows:


The "User name" dropdown above is grayed out as it cannot be changed because Authentication is set to Windows Authentication. The Windows runas command-line utility (see Runas) can be used to run SSMS or any application as a different user than the user currently logged into a host. For this example, considering desiring to login as:

  • domain: domaidAbc
  • user: userEfg

To run SQL Server Management Studio as user domainAbc\userEfg, specify the following from a console prompt:

runas /noprofile /netonly /user:domainAbc\userEfg "C:\Program Files (x86)\Microsoft SQL Server Management Studio 19\Common7\IDE\ssms.exe"

Once the above command is run, the user will be prompted to enter a password for account domainAbc\userEfg:

Enter the password for domainAbc\userEfg:

There is no way to specify the password as a runas command-line option so the password must be manually entered.

The following is all the text displayed when running SSMS as a different user via the runas command:

C:\>runas /noprofile /netonly /user:domainAbc\userEfg "C:\Program Files (x86)\Microsoft SQL Server Management Studio 19\Common7\IDE\ssms.exe"
Enter the password for domainAbc\userEfg:
Attempting to start C:\Program Files (x86)\Microsoft SQL Server Management Studio 19\Common7\IDE\ssms.exe as user "domainAbc\userEfg" ...

At this point SSMS is running as user domainAbc\userEfg. There is a bit of a twist. Here is an example of the "Connect to Server" dialog displayed when running as user domainAbc\userEfg (note the grayed out User name is different,XPS17\jann):


When the Server name is specified and the connection to SQL Server is made, the user used to authenticate is domainAbc\userEfg and not the grayed out user.

No comments :

Post a Comment