sp_denylogin (Transact-SQL)

Applies to: SQL Server (all supported versions)

Prevents a Windows user or Windows group from connecting to an instance of SQL Server.


This feature will be removed in a future version of Microsoft SQL Server. Avoid using this feature in new development work, and plan to modify applications that currently use this feature. Use ALTER LOGIN instead.

Topic link icon Transact-SQL Syntax Conventions


sp_denylogin [ @loginame = ] 'login'   


[ @loginame = ] 'login_ ' Is the name of a Windows user or group. login is sysname, with no default.

Return Code Values

0 (success) or 1 (failure)


sp_denylogin denies CONNECT SQL permission to the server-level principal mapped to the specified Windows user or Windows group. If the server principal does not exist, it will be created. The new principal will be visible in the sys.server_principals (Transact-SQL) catalog view.

sp_denylogin cannot be executed within a user-defined transaction.


Requires membership in the sysadmin fixed server role.


The following example shows how to use sp_denylogin to prevent Windows user CORPORATE\GeorgeV from connecting to the server.

EXEC sp_denylogin 'CORPORATE\GeorgeV';  

See Also

sp_grantlogin (Transact-SQL)
Security Stored Procedures (Transact-SQL)
System Stored Procedures (Transact-SQL)