SQL Server 2008: Security and User Administration - Authentication Methods

Windows Authentication Mode

Windows Authentication mode validates the account name and password, using information stored in the Windows operating system. A Windows account or group must be established first, and then security can be established for that account in SQL Server. This mode has the advantage of providing a single login account and the capability to leverage domain security features, such as password length and expiration, account locking, encryption, and auditing. Microsoft recommends this approach.

Mixed Authentication Mode

Mixed authentication allows for both Windows authentication and SQL Server authentication. SQL Server authentication is based on a login that is created in SQL Server and lives in SQL Server only. No Windows account is involved with SQL Server authentication. The account and password are established and maintained in SQL Server. SQL Server logins can be created with stronger password enforcement that help better protect the login.

SQL Server authentication is useful in environments in which a Windows domain controller does not control network access. It can also be useful for Web applications or legacy applications, where it may be cumbersome to establish a Windows user account for every connection to the database server.

Setting the Authentication Mode

You can select the authentication mode when you install SQL Server, and you can change it after the installation. To change the authentication mode after installation, you right-click the server node in the Object Explorer and choose the Properties option. When the Server Properties dialog appears, you select the Security page (see Figure 1). The Security page allows you to specify Windows Authentication mode or SQL Server and Windows Authentication mode (that is, mixed authentication). Any changes to the authentication mode require a restart of SQL Server to make the change effective.

Figure 1. Changing the authentication mode.