Setting Authentication


MS SQL Server allows you to set the type of authentication that is to be used to validate users that connect to the server. There are  the following  types of authentication depending on the SAP release that is installed.

·        Windows only authentication

For SAP releases 4.6C and higher, you should set authentication to Windows only. This means that the SAP system and users who connect to the database must have Windows accounts and are validated on the basis of information stored by the operating system.

·        SQL Server and Windows authentication

In releases prior to 4.6C you must set authentication to the mixed SQL Server and Windows authentication mode. This means that the Windows operating system or the SQL Server itself can perform the validation of users connecting to the database. If a user logs on with a Windows account, validation is based on information stored by the operating system. If a user logs on with an SQL Server login account, SQL Server checks the existence of the account and the correctness of the password.

Security Loophole

When you set the mixed authentication mode anyone who knows the password of the SQL Server login <sapsid> or sa can connect interactively to SQL Server. Since the password for sa is often blank, the mixed authentication mode can pose a security loophole for the system. Therefore we recommend you to set this password.


To check the authentication mode:


       1.      In the Enterprise Manager, select the server and then choose Action ® Properties.

The SQL Server Properties dialog box opens.

       2.      Select the Security tab.

       3.      Select Windows only.

For Releases prior to 4.6C you have to select SQL Server and Windows.