Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
tbrothers
Yak Posting Veteran
83 Posts |
 Posted - 2012-06-22 : 17:08:19
|
| Hello - We're running SQL 2005 Ent. We use mixed mode authentication. When SQL was installed it automatically created the SQL login BUILTIN\Administrators and added it to the sysadmin role.Assuming we have assigned any other privileges or used this login for anything ... is there any reason I should not delete it?I ask because we're going through an audit and they specifically stated the following:Please confirm that the BUILTIN\Administrators login has been removed and replaced with a Windows group specifically created for database administrators.Thanks,Terry |
|
|
jackv
Master Smack Fu Yak Hacker
2179 Posts |
Posted - 2012-06-23 : 04:38:34
|
| Removing the BUILTIN/Administrators group to prevent local server administrators from accessing SQL Serve is a good idea. Ensure you've tested all apps first - and other processes such as backups, in a lower environment. In SQL Server 2008 BUILTIN\Administrators is not automatically addedJack Vamvas--------------------http://www.sqlserver-dba.com |
 |
|
|
gregory_pfeifer
Starting Member
1 Post |
Posted - 2012-06-23 : 14:30:30
|
| You may also want to check with your Active Directory group prior to removal, we began removing the account on 50 legacy servers to find out they had added admin accounts for Citrix, LANDesk, Symantec, Qualys to this group to limit there work not realizing that it really is a SQL Server group account.GMan |
|
|
|
jeffw8713
Aged Yak Warrior
819 Posts |
Posted - 2012-06-24 : 10:37:09
|
| Before removing the group - just remove the sysadmin rights. Make sure you have setup another account with sysadmin rights before doing this, because if you are getting sysadmin rights through that group and either remove the group or syadmin rights you could lock yourself out of the system.After a few weeks/months without sysadmin rights - you can then remove the group. |
|
|
|
|
|
|
BUILTIN\Administrators