tag:blogger.com,1999:blog-3923359343089034996.post442727317034280300..comments2012-02-13T04:40:25.147-08:00Wayne Walter Berryhttp://www.blogger.com/profile/07116744675621334568noreply@blogger.comBlogger7125tag:blogger.com,1999:blog-3923359343089034996.post-91808579633019156202012-02-13T04:40:25.147-08:002012-02-13T04:40:25.147-08:00Hi,<br />After hours of investigations, I thing I found the {obtuse} cause : Using NT Security groups in SQL works very well (adding/removing users to group produce a correct behavior in SQL Server)... HOWEVER : User have to logoff/logon again in Windows to make new membership effective (as for NTFS permissions)...Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3923359343089034996.post-30143133555456815382011-02-04T08:23:20.965-08:002011-02-04T08:23:20.965-08:00Nobody mentioned this, so I thought I&#39;d point it out. A user that is removed from a group continues to have that permission until they log out of Windows and back in.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3923359343089034996.post-85947835707046063642011-02-03T14:38:45.347-08:002011-02-03T14:38:45.347-08:00Since it seems that it alleged that it works some times and documented as not working other times I suspect that there is some {obtuse} configuration issue involved between SQL Server and the domain.<br /><br />If you plan on using groups, you may wish to verify that it actually works (especially when a user is removed from a group that is contained in another group -- the permission cascade problem) and then make a point of re-verifying it periodically -- in case the {obtuse} configuration issue is changed.Ken Lassesenhttp://lassesen.comnoreply@blogger.comtag:blogger.com,1999:blog-3923359343089034996.post-73476802680363144862010-09-01T17:22:40.791-07:002010-09-01T17:22:40.791-07:00140+ servers here with SQL2005\2008 and Windows2000\2003\2008 and using NT groups with no problems at all. I can add and remove users at will from domain groups and access is immediately granted or denied.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3923359343089034996.post-34196839149009022542010-03-31T15:33:48.273-07:002010-03-31T15:33:48.273-07:00SQL 2005 and Windows Server 2003 with users in a security group. No problem at all.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3923359343089034996.post-19384790227864324602010-03-15T09:47:44.551-07:002010-03-15T09:47:44.551-07:00wow - i agree with Scott - i was also in the process of testing using NT user groups. Thanks for saving me a bunch of time and headaches.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-3923359343089034996.post-44874093010645723812010-02-26T09:30:16.900-08:002010-02-26T09:30:16.900-08:00THANK YOU! I was in the process of testing using NT user groups as an alternative to maintaining custom database roles or individual login permissions. I turned up this post in an internet search I did while trying to figure out why it wasn&#39;t working as expected. Now I know ... Time to go delete those test group IDs from the database.<br /><br />And here I thought I could hand off some of my work to the Windows network admins. Teach me to be lazy! :)Scotthttp://www.blogger.com/profile/13617497676831940377noreply@blogger.com