February 3, 2010 at 11:19 am
Hi,
I need want to delete this 3 groups from the SQL Server 2005 instance.
NWSRV2\SQLServer2005MSFTEUser$NWSRV2$DESENVOLVIMENTO
NWSRV2\SQLServer2005MSSQLUser$NWSRV2$DESENVOLVIMENTO
NWSRV2\SQLServer2005SQLAgentUser$NWSRV2$DESENVOLVIMENTO
Under the security tab of the SQL Server Instance i want to let only the the following logins , with the following permissions:
sa - sysadmin
NT AUTHORITY\SYSTEM - sysadmin
NT AUTHORITY\Service - sysadmin
The SA account is to connect to SQL Server as sysadmin (i will then create my SQL Server login with sysadmin previleges)
The NT AUTHORITY\Service account is to run the SQL Server Agent service.
The SQL Server Service will run with a Domain account that as NO permissions inside my SQL Server.
AS you can see there i have deleted the builtin\adminstrators and the other groups that are created by default when SQL Server is installed.
We don't need to execute jobs or maintenance plans out of the box, that's why we use the NT AUTHORITY\Service.
1) Do you see any problems that can be caused because of this configuration?
Do you recommend that i test witch part(s) of SQL Server to see if this works?
I think that we will not have problems.
What i'm traing to achieve is that only SQL Server logins can connect to SQL Server. No windows logins can connect to it, not even the Domain admins...
Do you think that i will be limited in any form because i removed those groups from SQL Server???
Thank you.
2) i will remove the Domain admins from the builtin\administrator group of my SQL Server operating system.
Viewing 0 posts
You must be logged in to reply to this topic. Login to reply