azinyama (11/5/2012)
Another question though...What would I then do about preventing people from using Windows Authentication to log in???
just because you have a windows login, does not auto-magically mean the login is sysadmin, and has access to everything.
Its very common in a dev environment that everyone has access to everything, and that loose coding practice can be tempting to pass on to production.
I think that's a key component to being a competent DBA: understanding security and how to limit access to just what is REALLY needed.
So your objective really is two fold: make sure normal users are never granted excessive permissions, and to create a Role that contains just the needed permissions for the application(?) to use.
Lowell