Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
Log in  ::  Register  ::  Not logged in

Removing NT Administrators as Sysadmins

By Brian Knight,

By default, all NT administrators of the domain that your SQL Server is installed in, have SA rights in every database. This presents interesting challenge for DBAs, political and technical. Does your NT administrator group need SA rights to every database? The answer is no.

Let me take a moment to contradict and clarify the statement I just made. Although the NT group "Administrators" does not need SA rights, the people inside that group may need SA rights. The better way to lock down your SQL Server versus the default would be to create a second user group and assign any users that need SA rights into it. By doing this, you give only the NT administrators that need SA access the rights as well as create a universal SA group to audit.

The first step before you do this would be to remove the current administrators group from your SQL Server. You can do this by expanding the Security group and selecting Logins. Then, delete the BULTIN\Administrators login in the right pane.

Now, create a new NT group and reverse the steps. Generally there is no need to give your network administrators SA rights, but if there is a need, do so through this technique.

Total article views: 4030 | Views in the last 30 days: 0
Related Articles

Denying Local Administrators accounts Sysadmin rights ?

How do I - Denying Local Administrators accounts Sysadmin rights ?


The user group “administrators” had full access rights before

after execution sp_attach_db and sp_detach_db user group “administrators” disappeared


Multi-Server Administration

Multi server administration allows you to create jobs and maintenance plans once. You can then monit...


Creating USER Group in SQL Server 2005

Creating USER Group in SQL Server 2005


More on DBAs and Local Administrator Rights

I'm looking over the comments about DBAs and local Administrator rights and I noticed an interesting...

sql server 7    

Join the most active online SQL Server Community

SQL knowledge, delivered daily, free:

Email address:  

You make SSC a better place

As a member of SQLServerCentral, you get free access to loads of fresh content: thousands of articles and SQL scripts, a library of free eBooks, a weekly database news roundup, a great Q & A platform… And it’s our huge, buzzing community of SQL Server Professionals that makes it such a success.

Join us!

Steve Jones

Already a member? Jump in:

Email address:   Password:   Remember me: Forgotten your password?
Steve Jones