anthony.green (11/5/2012)
If you impliment the right security at the login level to prevent people adding people into the role then yes, but remember if a user has sysadmin rights they can do what they want even if you put an explict deny on the operation.
That doesn't sound like an option since we'd like to restrict everyone even sysadmins.