• Make sure you won't lock yourself out (i.e. create your account/domain account in SQL with sysadmin, or know the sa account)

    By default, I believe SQL 2008 doesn't include BUILTIN\Administrators as sysadmin, while SQL 2005 does

    It is not good practice to automatically assume all Local Admins are SQL Admins

    Another way is to add that other user's account specifically (say DOMAIN\userB), and give him data_reader only

    The login permissions should override the group permissions

    SQLServerNewbieMCITP: Database Administrator SQL Server 2005