Friday, December 06, 2002

BUILTIN\Administrators in Sysadmin Role


Issue




Local administrators should not also be database administrators. These roles are very different
and are typically performed by different people.


Solution




Remove BUILTIN\Administrators from the sysadmin role.


Note: There are special circumstances that require Administrators to belong to the
sysadmin role. These circumstances are outlined in the following Microsoft Knowledge Base
articles:


SQL Server Agent Does Not Start and Displays Error 18456 (Q237604)

How to Prevent Windows NT Administrators from Administering a Clustered SQL Server (Q263712)

IsAlive Check Does Not Run Under the Context of the BUILTIN\Administrators Account (Q291255)

Microsoft Search Service May Cause 100% CPU Usage if BUILTIN\Administrators Login is Removed (Q295034)


Instructions




  1. Click Start, point to Programs, point to Microsoft SQL Server, and then click Enterprise Manager.

  2. In SQL Server Enterprise Manager, double-click SQL Server Group, and then double-click the SQL Server that you want to secure.

  3. Click the Security folder, click Server Roles, and then double-click System Administrators in the right pane.

  4. In the Server Role Properties dialog box, click BUILTIN\Administrators, and then click Remove.
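The same change can be scripted in T-SQL from Query Analyzer instead of clicking through Enterprise Manager. The script below is an added example, not part of the original post: it assumes SQL Server 7.0 or 2000 and a connection that already has sysadmin rights, and its lockout guard (refusing to run unless another sysadmin login besides sa exists) is a precaution chosen for this example.

```sql
-- Added example: T-SQL equivalent of the Enterprise Manager steps above.
-- Assumes SQL Server 7.0 / 2000 and a connection with sysadmin rights.
-- Review the Knowledge Base articles listed in the note above first if the
-- server is clustered or runs SQL Server Agent or Microsoft Search.
USE master
GO

-- 1. List the current members of the sysadmin fixed server role.
EXEC sp_helpsrvrolemember 'sysadmin'
GO

-- 2. Guard against lockout: require at least one other sysadmin login.
--    sa is not counted because it cannot log in when the server runs in
--    Windows-only authentication mode.
DECLARE @others int

SELECT @others = COUNT(*)
FROM master.dbo.syslogins
WHERE sysadmin = 1
  AND denylogin = 0
  AND name <> 'BUILTIN\Administrators'
  AND name <> 'sa'

IF @others = 0
BEGIN
    RAISERROR ('No other sysadmin login found. Add a DBA login to sysadmin before removing BUILTIN\Administrators.', 16, 1)
    RETURN
END

-- 3. Remove the group from the role only if it is currently a member.
IF EXISTS (SELECT * FROM master.dbo.syslogins
           WHERE name = 'BUILTIN\Administrators' AND sysadmin = 1)
BEGIN
    EXEC sp_dropsrvrolemember 'BUILTIN\Administrators', 'sysadmin'
END
ELSE
BEGIN
    PRINT 'BUILTIN\Administrators is not a member of sysadmin; nothing to do.'
END
GO

-- 4. Confirm the result: BUILTIN\Administrators should no longer be listed.
EXEC sp_helpsrvrolemember 'sysadmin'
GO
```

The login itself is left in place, as in the Enterprise Manager procedure; only its sysadmin membership is removed.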




Additional Information





SQL Server 7.0 Security






Microsoft SQL Server 2000 Security


