Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
shinobigoh
Starting Member
13 Posts |
 Posted - 2011-06-20 : 02:35:22
|
| Hi , I read this article http://support.microsoft.com/kb/932881 it stated that"if SQL Server 2005 is started in single-user mode, any user who has membership in the BUILTIN\Administrators group can connect to SQL Server 2005 as a SQL Server administrator. The user can connect regardless of whether the BUILTIN\Administrators group has been granted a server login that is provisioned in the SYSADMIN fixed server role. This behavior is by design. This behavior is intended to be used for data recovery scenarios."does anyone know a way to prevent system administrators from starting the database in single user mode so system administrators can never access the databasethank you |
|
|
russell
Pyro-ma-ni-yak
5072 Posts |
Posted - 2011-06-20 : 10:54:21
|
| Remove the Windows/Domain users from the Local Admin group that you don't want to be local admins.You can also remove the BULTIN/Administrators login from SQL if you want. |
 |
|
|
jeffw8713
Aged Yak Warrior
819 Posts |
Posted - 2011-06-20 : 15:56:37
|
| You cannot completely lock out system administrators from accessing SQL Server. The above workaround is there so you can access SQL Server if all sysadmins in SQL Server have been locked out, or you need to recover the system and restore the master database.Unless you are stopping SQL Server on a regular basis (not recommended), then system administrators can be blocked from accessing the system by removing/disabling or removing the rights to the BUILTIN/Administrators group.Jeff |
|
|
|
shinobigoh
Starting Member
13 Posts |
Posted - 2011-06-20 : 22:48:51
|
| Hi everyoneMy client wants me to prevent system administrators from accessing the database under all circumstances.I guess I will tell them it would be impossible to prevent administrators from accessing the database.thank you for all your help and i really appreciate it. |
|
|
|
robvolk
Most Valuable Yak
15732 Posts |
Posted - 2011-06-20 : 22:51:39
|
quote:
My client wants me to prevent system administrators from accessing the database under all circumstances.
Do they also visit hospitals that don't allow doctors? Tell them to hire trustworthy administrators then. |
|
|
|
russell
Pyro-ma-ni-yak
5072 Posts |
Posted - 2011-06-21 : 09:16:48
|
quote:
Originally posted by robvolk
quote:
My client wants me to prevent system administrators from accessing the database under all circumstances.
Do they also visit hospitals that don't allow doctors? Tell them to hire trustworthy administrators then.
LOL. Good point.And...Police Officers without guns.Bus drivers without keys.Bank tellers without access to cash... |
|
|
|
|
|
|
how to prevent startup in single user mode