I'm having trouble maintaining security on SQLServer as
everyone who is a member of the Local Administrators (on
the system) has full control by default as SQLServer has
builtin/Administrators added by default to its System
Administrators List.
Last time I removed this group, so many things went
wrong. I dont' want the entire local administrators to be
the SQL Admins. So please suggest a way where I can
safely remove the default Built-in\Adminstrators from the
SQLServer security. Any article will be helpful.
ThanksIf you subscribe to SQL Server Professional, I wrote a piece on this:
http://www.pinpub.com/html/main.isx?sub=64&story=783
Briefly, you can add a domain account to the sysadmin role first and then
remove the BUILTIN\Administrators role.
Tom
----
Thomas A. Moreau, BSc, PhD, MCSE, MCDBA
SQL Server MVP
Columnist, SQL Server Professional
Toronto, ON Canada
www.pinnaclepublishing.com/sql
.
"tony" <anonymous@.discussions.microsoft.com> wrote in message
news:1475301c3c352$a5d28e00$a601280a@.phx
.gbl...
Hi,
I'm having trouble maintaining security on SQLServer as
everyone who is a member of the Local Administrators (on
the system) has full control by default as SQLServer has
builtin/Administrators added by default to its System
Administrators List.
Last time I removed this group, so many things went
wrong. I dont' want the entire local administrators to be
the SQL Admins. So please suggest a way where I can
safely remove the default Built-in\Adminstrators from the
SQLServer security. Any article will be helpful.
Thanks|||Adding to Tom's suggestion, you could also add a domain local group (with
only members you wish to have sysadmin equivalence) and grant that group
sysadmin permission -- then remove the builtin\administrators group. It's
also not a bad idea to reset the 'sa' account password at the same time in
case you need that account to log back in (in mixed mode).
Steve
"tony" <anonymous@.discussions.microsoft.com> wrote in message
news:1475301c3c352$a5d28e00$a601280a@.phx
.gbl...
quote:
> Hi,
> I'm having trouble maintaining security on SQLServer as
> everyone who is a member of the Local Administrators (on
> the system) has full control by default as SQLServer has
> builtin/Administrators added by default to its System
> Administrators List.
> Last time I removed this group, so many things went
> wrong. I dont' want the entire local administrators to be
> the SQL Admins. So please suggest a way where I can
> safely remove the default Built-in\Adminstrators from the
> SQLServer security. Any article will be helpful.
No comments:
Post a Comment