In SQL Server, much like other services with users, login accounts can be enabled or disabled. An enabled login can be authenticated and allowed access to database resources. A disabled login is not allowed to establish a connection to the SQL Server instance.
For example, let's create a login called JoeUser.
CREATE LOGIN JoeUser WITH
PASSWORD = 'P@$$w0rd!'
,DEFAULT_DATABASE = AdventureWorks
CREATE USER JoeUser
In the first statement, the JoeUser login was created with a fairly complex password and a default database of AdventureWorks. Afterward, we switch to the AdventureWorks database and create a new user for the database. If we attempt to login to SQL Server using these credentials, we can.
Next let's disable the login with the following statement.
ALTER LOGIN JoeUser DISABLE
If someone attempts to login to SQL Server using the JoeUser login, the connection attempt is rejected and Error 18470 is returned - "Login failed for user 'JoeUser'. Reason: The account is disabled." Additionally, the error is written to the Windows Event Log and can be viewed in the Windows Event Viewer.
Enabling the login can be done with the following statement.
ALTER LOGIN JoeUser ENABLE
To clean up our example, the following statement may be used to remove the SQL Server login.
DROP USER JoeUser
DROP LOGIN JoeUser
Now if someone attempts to login using the JoeUser login, "Login failed for user 'JoeUser'" is returned and error 18456 is written to the Windows Event Log.