Here is a script that all DBA's should run periodically even if you think you know who may have 'sa' and or other rights within SQL Server. Once in a great while a new install will have a userid need these rights to install and then you may forget to drop this higher rights.
Select
'Login Name'= Substring(upper(SUSER_SNAME(SID)),1,40),
'Login Create Date'=Convert(Varchar(24),CreateDate),
'System Admin' = Case SysAdmin
When 1 then 'YES (VERIFY)'
When 0 then 'NO'
End,
'Security Admin' = Case SecurityAdmin
When 1 then 'YES (VERIFY)'
When 0 then 'NO'
End,
'Server Admin' = Case ServerAdmin
When 1 then 'YES (VERIFY)'
When 0 then 'NO'
End,
'Setup Admin' = Case SetupAdmin
When 1 then 'YES (VERIFY)'
When 0 then 'NO'
End,
'Process Admin' = Case ProcessAdmin
When 1 then 'YES (VERIFY)'
When 0 then 'NO'
End,
'Disk Admin' = Case DiskAdmin
When 1 then 'YES (VERIFY)'
When 0 then 'NO'
End,
'Database Creator' = Case DBCreator
When 1 then 'YES (VERIFY)'
When 0 then 'NO'
End
from Master..SysLogins order by 3 Desc