The Suspect Windows Accounts tab lists the Windows user accounts about which SQL Secure was unable to retrieve information when the snapshot was taken. Windows accounts are Active Directory users and groups that have permissions on SQL Server objects.
For each suspect account, the following information is available:
Column | Description |
---|---|
Domain | Lists the domain the suspect account resides in |
Account | Lists the name of the account |
Type | Lists the type of account that is suspect |
You can set one of the following options:
Option | Description |
---|---|
Group By | Allows you to organize the list by the column headers |
Save as Excel File | Allows you to save your suspect windows accounts list to an Excel file |
Allows you to print out your list |
When SQL Secure considers an account suspect
A Windows account is considered suspect when SQL Secure cannot validate the account in Active Directory. Some common causes are:
- The user account has been deleted
- The collection credentials do not have sufficient permissions to access Active Directory
- A one-way trust exists between the domain of the collection credentials and the domain of the Windows account
- The account is a well-known group, such as Everyone or Terminal Server User, whose membership is hidden by Active Directory and therefore cannot be collected
You can configure SQL Secure to use a pass-through account to successfully collect Windows account information when encountering one-way trusted domains. A pass-through account is an account that has the same name and password as the account specified for gathering group membership information. A pass-through account does not require elevated Windows privileges in the trusted domain. For more information, search for "pass-through account" on the Microsoft Help and Support Web site (support.microsoft.com).