October 22, 2011 at 9:11 am
hi everyone!!!
i enter in a company where all databases and servers have Admin Domain users like almighty Sysadmins!, i like to close all of then, to make access restricted.... there is a way to do this??
because a AdminDomainUser when enters in SQL Server created automatically login and user with all access to everything....
thanks everyone beforehand!
October 22, 2011 at 10:23 am
remove the BuiltIn admins group or remove its membership from the Sysadmin role in each sql server instance to impede Windows administrators
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
October 22, 2011 at 10:32 am
Just note that it will impede them, not completely prevent them from getting access. If someone has local admin rights and are determined enough (and knowledgeable enough) they'll still be able to access SQL.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
October 22, 2011 at 10:40 am
mvillar (10/22/2011)
hi everyone!!!where all databases and servers have Admin Domain users like almighty Sysadmins!, i like to close all of then, to make access restricted.... there is a way to do this??[/b]
Note: In SQL Server 2008 admin users are no longer automatically granted admin access to SQL Server, someone has obviously granted the admins access during the installation
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
October 22, 2011 at 1:13 pm
Before you do anything, I recommend talking with a manager and stating a case why this is an issue, or why you want to remove it. It might be required by SOX, or there could be another reason.
Personally I liked having remote hands of admins available when I needed it, but I also made sure they were responsible for anything they did without my instruction.
Follow me on Twitter: http://www.twitter.com/way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
October 25, 2011 at 1:11 pm
hi all
i start to close the overpowered users!, this gonna be slow and tough, with a lot of conversation and traits, but at least someday im gonna have total control hehe
thanks with all your help!!
October 25, 2011 at 3:16 pm
We simply deny access and login rights on the status tab of the database login profile. This is for DOMAIN\Administrator login.
Jared
Jared
CE - Microsoft
October 25, 2011 at 3:18 pm
Perry Whittle (10/22/2011)
mvillar (10/22/2011)
hi everyone!!!where all databases and servers have Admin Domain users like almighty Sysadmins!, i like to close all of then, to make access restricted.... there is a way to do this??[/b]Note: In SQL Server 2008 admin users are no longer automatically granted admin access to SQL Server, someone has obviously granted the admins access during the installation
I'm not so sure about that. I installed 2008R2 yesterday while logged in under my own domain account and it created DOMAIN\Administrator user as sysadmin.
Jared
Jared
CE - Microsoft
Viewing 8 posts - 1 through 7 (of 7 total)
You must be logged in to reply to this topic. Login to reply