Hi jrasmussen,

Generally the way to control access to SQL Server be it from Admins or otherwise is through adding and removing accounts from the Security Roles.

The General Rule of thumb is to:

- Create an AD Domain Group for DBA's,

- Add the DBA's to it

- Add the Group to SQL Server

- Grant the appropriate Privileges to it (eg. sysadmin SQL Server-level role)

- and then locate the local admins group and remove the excess roles and privileges from it.

This assumes that you've correctly set up the service accounts (see: "Setting Up Windows Service Accounts" in SQL Server Books Online) and ensured that your applications are not configured to use admin accounts etc as well.

Connecting through Windows Authentication is generally the tried and trusted method of authenticating to SQL Server as well. its another thing to look into in case there's an SA account lying about that hasn't been secured and can act as a back door into your SQL Server.

Hope it helps,

Charley Hanania.