Make sure you won't lock yourself out (i.e. create your account/domain account in SQL with sysadmin, or know the sa account)
By default, I believe SQL 2008 doesn't include BUILTIN\Administrators as sysadmin, while SQL 2005 does
It is not good practice to automatically assume all Local Admins are SQL Admins
Another way is to add that other user's account specifically (say DOMAIN\userB), and give him data_reader only
The login permissions should override the group permissions