Configure Windows Authentication to the Database

As a security best practice for PCI DSS compliance, use Windows authentication for database access.

For more information, please see Database Permissions Matrix.

Change Database Authentication

You can set up Windows authentication on your SQL Server database.

SQL Server Logins Group

  1. Log in to SQL Server.
  2. Create a SQL Server login, such as Domain\RemoteServerName$.

 

SQL Server User Mapping

  1. Go to the properties for the new login, and create a user mapping to the BeyondInsight database and the REM3Admins role.

SQL Server 2012

SQL Server User Mapping: NT AUTHORITY\NETWORK SERVICE

In an environment where SQL Server 2012 and BeyondInsight are installed on different servers, SQL Server uses Domain\MachineName$ for Windows authentication.

However, when SQL Server 2012 and BeyondInsight are on the same server, SQL Server must use NT AUTHORITY\NETWORK SERVICE for Windows authentication. This account is not created by default on SQL Server 2012. You must therefore create the NT AUTHORITY\NETWORK SERVICE account in SQL Server before changing the authentication mode. Permissions assigned on the BeyondInsight database must include db_owner and REM3Admins, a custom role created by the installer.