The first level of security encountered when accessing SQL Server is known as authentication.
The authentication process performs the validation needed to allow a
user or client machine to connect to SQL Server. This connection can be
granted via a Windows login or SQL Server login.
Windows Authentication Mode
Windows Authentication mode validates the account name and password,
using information stored
in the Windows operating system. A Windows account or group must be
established first, and then security can be established for that
account in SQL Server. This mode has the advantage of providing a
single login account and the capability to leverage domain security
features, such as password length and expiration, account locking,
encryption, and auditing. Microsoft recommends this approach.
Mixed Authentication Mode
Mixed authentication allows for both Windows authentication and
SQL Server authentication.
SQL Server authentication is based on a login that is created in SQL
Server and lives in SQL Server only. No Windows account is involved
with SQL Server authentication. The account and password are
established and maintained in SQL Server. SQL Server logins can be
created with stronger password enforcement that helps better protect
the login.
SQL Server authentication is useful in environments in which a
Windows domain controller does not
control network access. It can also be useful for Web applications or
legacy applications, where it may be cumbersome to establish a Windows
user account for every connection to the database server.
Setting the Authentication Mode
You can select the authentication mode when you install SQL Server, and
you can change it after the installation. To change the authentication mode
after installation, you right-click the server node in the Object
Explorer and choose the Properties option. When the Server Properties
dialog appears, you select the Security page (see Figure 1).
The Security page allows you to specify Windows Authentication mode or
SQL Server and Windows Authentication mode (that is, mixed
authentication). Any changes to the authentication mode require a
restart of SQL Server to make the change effective.
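
The following T-SQL is an added example, not part of the original article: it reports which authentication mode the instance is configured for, creates a SQL Server login with the password enforcement mentioned under Mixed Authentication Mode, and lists enabled SQL Server logins that lack that enforcement. The login name and password are placeholders chosen for this example.

```sql
-- 1. Report the configured authentication mode.
--    IsIntegratedSecurityOnly: 1 = Windows Authentication mode,
--                              0 = SQL Server and Windows Authentication mode.
SELECT CASE CONVERT(int, SERVERPROPERTY('IsIntegratedSecurityOnly'))
           WHEN 1 THEN 'Windows Authentication mode'
           WHEN 0 THEN 'SQL Server and Windows Authentication mode (mixed)'
       END AS authentication_mode;

-- 2. Create a SQL Server login that is subject to the Windows password
--    policy (length, complexity, lockout) and to password expiration.
--    app_reporting_login and the password are placeholders (assumptions);
--    substitute real values before running.
CREATE LOGIN app_reporting_login
    WITH PASSWORD = '<replace-with-strong-password>',
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON;

-- 3. Audit: enabled SQL Server logins that are NOT covered by the
--    password policy or by password expiration.
SELECT name,
       is_policy_checked,
       is_expiration_checked,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins
WHERE is_disabled = 0
  AND (is_policy_checked = 0 OR is_expiration_checked = 0)
ORDER BY name;
```

An empty result from the third query means every enabled SQL Server login has both checks turned on.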