Windows Authentication

You can use Windows authentication only where Windows Active Directory is used for network and user authentication. SQL Server permits or denies access to a user after its network logon credentials have been validated by a Windows Domain Controller, without requiring a separate login name and password. This authentication type is often referred to as Windows Integrated Mode and is considered a Trusted Authentication because SQL Server trusts the credentials provided by Windows.

In Windows authentication, all logins are created, stored, and managed by Active Directory. Active Directory enables central management and enforcement of strong and complex password policies, lockout, and expiration.

When an instance is configured for Windows Authentication mode, SQL authentication is disabled. The default sa (system administrator) account is still created but is disabled.

Best Practice

When changing to SQL authentication and Windows Authentication mode, always remember to create a strong password for the sa account.

Windows authentication has several advantages:

Central account management and account policy enforcement through Active Directory.
Support for Active Directory groups.
Single sign-on experience by Windows authenticated users. You do not need to enter login name and password to connect to SQL Server.
Less surface area, making it more secure against additional vulnerabilities and exploits.

Windows authentication has several disadvantages as ...

Get Microsoft SQL Server 2012 Bible now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Microsoft SQL Server 2012 Bible by

Windows Authentication

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly