• MarkusB (11/27/2008)


    I would add two more tasks to the checklist

    1. Remove Built-in administrators

    2. Disable or at least rename the sa account (in 2005 or higher).

    About the logging of successful logins I would recommend to use a LOGIN TRIGGER which records the login and the last time it connected. This avoids filling up the SQL errorlog and it's much easier to search through in case you want to know when was the last time a login was used.

    I was considering removing Built-In Administrators but wasn't sure if that is a good idea or not. I thought I am just being over jealous by not wanting to give server operations any permissions on the SQL Servers.

    But as for SA account I don't think it needs to be renamed because you shouldn't be using the SA for day-to-day work anyways. I tend to leave the SA account name as is, but set a strong password with at least 15 characters, caps, lower-case, number, symbols, etc.

    Thanks.

    ---

    Mohit K. Gupta, MCITP: Database Administrator (2005), My Blog, Twitter: @SQLCAN.
    Microsoft FTE - SQL Server PFE

    * Sometimes it's the search that counts, not the finding...
    * I didn't think so, but if I was wrong, I was wrong. I'd rather do something, and make a mistake than be frightened and be doing nothing.

    How to ask for help .. Read Best Practices here.
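
A sketch of the login trigger suggested in the quoted post, as an added example that is not code from either poster: it keeps one row per login with the time and host of its last connection, then lists SQL and Windows logins that have not connected in 90 days. The database, table, trigger and writer-login names are hypothetical, and the 90-day threshold is an assumption.

```sql
-- Added example. SecurityAudit, dbo.LoginLastSeen, login_audit_writer and
-- trg_record_last_login are hypothetical names; the writer login is assumed
-- to exist already and to map to a same-named user in SecurityAudit.
USE SecurityAudit;
GO
CREATE TABLE dbo.LoginLastSeen (
    login_name  sysname       NOT NULL PRIMARY KEY,
    last_login  datetime      NOT NULL,
    last_host   nvarchar(128) NULL,
    login_count bigint        NOT NULL DEFAULT (1)
);
GO
GRANT SELECT, INSERT, UPDATE ON dbo.LoginLastSeen TO login_audit_writer;
GO
USE master;
GO
CREATE TRIGGER trg_record_last_login
ON ALL SERVER
WITH EXECUTE AS 'login_audit_writer'   -- connecting logins need no table rights
FOR LOGON
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @login sysname, @host nvarchar(128);
    SET @login = ORIGINAL_LOGIN();     -- the real login, not the impersonated one
    SET @host  = EVENTDATA().value('(/EVENT_INSTANCE/ClientHost)[1]', 'nvarchar(128)');

    -- UPDLOCK + SERIALIZABLE holds the key range so two first-time connections
    -- of the same login cannot both reach the INSERT and hit the primary key.
    UPDATE SecurityAudit.dbo.LoginLastSeen WITH (UPDLOCK, SERIALIZABLE)
       SET last_login = GETDATE(), last_host = @host, login_count = login_count + 1
     WHERE login_name = @login;

    IF @@ROWCOUNT = 0
        INSERT INTO SecurityAudit.dbo.LoginLastSeen (login_name, last_login, last_host)
        VALUES (@login, GETDATE(), @host);
END;
GO

-- SQL and Windows logins never recorded, or not seen in the last 90 days.
SELECT p.name, p.type_desc, s.last_login, s.last_host
  FROM sys.server_principals AS p
  LEFT JOIN SecurityAudit.dbo.LoginLastSeen AS s ON s.login_name = p.name
 WHERE p.type IN ('S', 'U')
   AND (s.last_login IS NULL OR s.last_login < DATEADD(day, -90, GETDATE()));
```

An error raised inside a logon trigger rejects the connection, so create it from a sysadmin session that stays open; `DISABLE TRIGGER trg_record_last_login ON ALL SERVER` turns it off if logins start failing.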