Re: builtin/administrators

From: Russell Fields (RussellFields_at_NoMailPlease.Com)
Date: 08/17/04 

Date: Tue, 17 Aug 2004 10:09:18 -0400

flo,

Here is an article (talking about clusters) that addresses some of your
concerns.
http://support.microsoft.com/default.aspx?scid=kb;en-us;263712

One example of a side-effect that you must manage is:
http://support.microsoft.com/default.aspx?scid=kb;en-us;237604

Also, from the BOL on: Setting up Windows Services Accounts
If the startup account assigned to the MSSQLServer Service is not a member
of the Local Administrators group, or if the BUILTIN\Administrators SQL
Server login has been removed, you must add the startup account for the
MSSQLServer service or the SQLServerAgent service, or both, to the SQL
Server system administrators (sysadmin) role. Grant the [Domain\NTaccount]
user a logon to SQL Server.

Hope that helps you.

Russell Fields

"flologic" <flo@flo.net> wrote in message
news:eReee6FhEHA.632@TK2MSFTNGP12.phx.gbl...
> Hi, our sql box has too many people (including sql service account) with
> local admin rights, some even have domain admin rights. I am trying to
> tighten the security on those boxes and decrease the security level of
those
> people. What I am planning to do is take builtin/administrator login out
of
> the sql box, and add sql services account back and grant SA rights to it.
> Does anyone see any problem with this approach? Thanks.
>
>

Relevant Pages

  • Re: builtin/administrators
    ... If you add ANY NT group and grant that group SQL Admin privileges then you ... Wayne Snyder, MCDBA, SQL Server MVP ... from the BOL on: Setting up Windows Services Accounts ...
    (microsoft.public.sqlserver.server)
  • RE: Fulltext failure on a 2 node cluster
    ... Server full-text search resource online: "SQL Cluster Resource 'Full Text' ...
    (microsoft.public.sqlserver.clustering)
  • Re: HELP PLEASE ~ ???
    ... You mentioned that it went ahead and added a SQL ... SQL Server 2000 database for all my data. ... find the connectionString in the newly recreated SQLExpress database. ... The connection string specifies a local Sql Server Express instance ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Multi-Channel Raid VS SAN Storage
    ... A 5~6 years old server is a very old server. ... As I mentioned, the server is one node in a cluster environment, and SQL is ... We actually are running RAID 1+0 and our aplication is definately more ... needs it's own SAN device, or at least a dedicated IO channel on the SAN. ...
    (microsoft.public.sqlserver.setup)
  • Re: Multi-Channel Raid VS SAN Storage
    ... A 5~6 years old server is a very old server. ... As I mentioned, the server is one node in a cluster environment, and SQL is ... We actually are running RAID 1+0 and our aplication is definately more ... needs it's own SAN device, or at least a dedicated IO channel on the SAN. ...
    (microsoft.public.sqlserver.setup)