Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
Lizard
Starting Member
2 Posts |
 Posted - 2004-03-17 : 12:34:03
|
Sorry if this has been asked before, I've had a quick search through but can't find anything.We've got a number of SQL 2k boxes, some of which are being put into my field (so I guess it's time to get trained). There are a number of NT domain admins who of course have full SQL access (though they don't know it yet) but I'd rather they didn't. They will however need some basic update access to a few tables.I know I could just remove the NT domain admins from the local admins group but these boxes are used by various people who will moan if I do that. Removing builtin\admins from the SQL logins might also fubber up some essential part of SQL I don't know about since I didn't set up the box or the apps that access the databases.Help!  |
|
|
tkizer
Almighty SQL Goddess
38200 Posts |
Posted - 2004-03-17 : 13:24:50
|
| First, create an account that has sysadmin fixed server role. Then remove the BUILTIN\Administrators group. Then add the Windows accounts. Then grant minimum permissions to these accounts. Removing the BUILTIN\Administrators group is actually a recommended practice. We don't do it here as it isn't needed. Just make sure that someone has sysadmin role besides just the BUILTIN\Administrators group prior to remove the group.Tara |
 |
|
|
|
|
|
Help a newbie - domain admins