SQL Server 2005 Security:

Hi I have a sitaution where I have domain admins logging on to SQL SErver and automatically accessing SQL Server as syadmin.

Here are the steps I am planning to take to fix this problem!

1. Create a a non administrative domain account called SQLDBA and add it as sysadmin on SQL Server.

2. Make sure the SQL Services are using a special account called SQLServices non administrative domain account with Log on as service rights and added as a sysadmin on sql server.

3. Remove the builtin\administrators from sql server

The way I envision this is anyone who log on with a domain admin acct will need to specially log on to sql server with a restrictive sql login instead of how they use to automatically get logged in.

Are there any pitfalls I am not seeing ? I have reporting services running on the sql server. Its SQL Server 2005 Standard edition. Plz help!

[914 byte] By [NB76] at [2007-12-24]

«« Intel(R) PRO/100 Network Adapter
»» Sending Data between forms not working!

# 1

#1 is fine.
for #2, you want to use SQL Server Configuration Manager to change the service account. By using the tool, the non-domain/local-admin accout will be added to the proper local groups and will be granted proper permissions.
#3 is fine.

Doing the above is actually recommended if security is your concern.

I suggest you take a look at the following article for additional insights.
http://msdn2.microsoft.com/en-us/library/ms143504.aspx

oj at 2007-10-8 >

top of Msdn Tech,SQL Server,SQL Server Database Engine...

SQL Server Hot Topic

SQL Server New Topic

SQL Server

Java / MSDN / Linux Tech / PHP Tech / MSDN DotNet / MSDN TECH / Health Library / Programmers Tech / visual basic Tech / Developer Tech / Ipod faqs / Msdn China Tech