March 17, 2009 at 12:46 am
Hi,
Just wanted to ask about MS SQL server 2005 permissions. Is it possible to block Domain admin access to a database and if so how is it done?
March 17, 2009 at 2:00 am
Hello
No, that's not possible if your server is part of the domain. You can remove the domain admin from the local server permissions, but he is always able to get the permissions back. On the server, the administrator always has all rights within SQL Server.
Greets
Flo
March 17, 2009 at 2:28 am
Thank you for your reply.
March 18, 2009 at 4:25 am
This is easy. You need to remove the 'BUILTIN/Administrators' account from SQL Server.
Before you do this, you need to add an account the DBAs can use to manage SQL Server. The best practice is to use a Windows group, and give that group sysadmin authority in SQL Server. This way DBAs can be added or removed from the group and you do not have to change SQL Server security.
There is an emergency back door that can give anyone in the local Administrators group access to SQL Server. If SQL Server is started in 'Single User Mode' then the local Administrators group always has sysadmin access, regardless of what security is set up in SQL Server. This allows you to add the DBA group as sysadmin if you forget to do this before.
Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017, 2016, 2014, 2012, 2008 R2, 2008 and 2005.
When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara
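The order of operations described in the post above, as an added T-SQL example that is not part of the original thread: the DBA group is created and confirmed as sysadmin before the built-in administrators login is dropped. The group name `CONTOSO\SQL-DBAs` is a placeholder assumption; the syntax is kept compatible with SQL Server 2005.

```sql
-- Added example: swap BUILTIN\Administrators for a dedicated DBA group.
-- CONTOSO\SQL-DBAs is a placeholder Windows group name (assumption).
USE master;
GO

DECLARE @dba_group sysname, @sql nvarchar(400);
SET @dba_group = N'CONTOSO\SQL-DBAs';

-- 1. Create a login for the DBA Windows group if it does not exist yet.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = @dba_group)
BEGIN
    SET @sql = N'CREATE LOGIN ' + QUOTENAME(@dba_group) + N' FROM WINDOWS;';
    EXEC (@sql);
END

-- 2. Add the group to the sysadmin fixed server role if it is not a member.
IF NOT EXISTS (
    SELECT 1
    FROM sys.server_role_members rm
    JOIN sys.server_principals r ON r.principal_id = rm.role_principal_id
    JOIN sys.server_principals p ON p.principal_id = rm.member_principal_id
    WHERE r.name = N'sysadmin' AND p.name = @dba_group)
    EXEC sp_addsrvrolemember @loginame = @dba_group, @rolename = N'sysadmin';

-- 3. Guard: stop here unless the DBA group really is a sysadmin now.
IF NOT EXISTS (
    SELECT 1
    FROM sys.server_role_members rm
    JOIN sys.server_principals r ON r.principal_id = rm.role_principal_id
    JOIN sys.server_principals p ON p.principal_id = rm.member_principal_id
    WHERE r.name = N'sysadmin' AND p.name = @dba_group)
BEGIN
    RAISERROR('DBA group is not sysadmin; BUILTIN\Administrators left in place.', 16, 1);
    RETURN;
END

-- 4. Only now remove the built-in local Administrators login.
IF EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'BUILTIN\Administrators')
    DROP LOGIN [BUILTIN\Administrators];

-- 5. List who still holds sysadmin so the result can be reviewed.
SELECT p.name, p.type_desc
FROM sys.server_role_members rm
JOIN sys.server_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals p ON p.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin';
```

Run it from a session whose own sysadmin access does not come only through the local Administrators group, since that access ends at step 4.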
March 18, 2009 at 6:33 am
Thank you. This was what I was looking for. 😉