Thank this author by sharing:
By Brian Knight,
Let me take a moment to contradict and clarify the statement I just made. Although the NT group "Administrators" does not need SA rights, the people inside that group may need SA rights.
The better way to lock down your SQL Server versus the default would be to create a second user group and assign any users that need SA rights into it.
By doing this, you give only the NT administrators that need SA access the rights as well as create a universal SA group to audit.
The first step before you do this would be to remove the current administrators group from your
SQL Server. You can do this by expanding the Security group and selecting Logins. Then, delete the
BULTIN\Administrators login in the right pane.
Now, create a new NT group and reverse the steps. Generally there is no need to give your network administrators SA rights, but if there is a need, do so through this technique.
How do I - Denying Local Administrators accounts Sysadmin rights ?
after execution sp_attach_db and sp_detach_db user group “administrators” disappeared
Multi server administration allows you to create jobs and maintenance plans once. You can then monit...
Creating USER Group in SQL Server 2005
I'm looking over the comments about DBAs and local Administrator rights and I noticed an interesting...