thx Lowell :-)
yes u r correct, users have Sysadmin permission .
Is there any way to Audit the Changes (delete , disable) on DDL Triggers .
The sys.triggers table has the flag value "is_disabled" .
monitoring this flag value changes will help to resolve this ?
I'll say it again, but I have the feeling you are afraid to make the change.
take away sysadmin permissions.
Minimum permissions is what they should have.
do it now.
add the logins as users to each of the databases they really need access to; and use an existing role create a new role that has the actual permissions they need in that database.
after that, there's no need to monitor anything, because noone can do anything behind your back; if they need to create something, then they can contact you, and you can review the item, suggest proper changes, or create it on their behalf.
help us help you! If you post a question, make sure you include a CREATE TABLE... statement and INSERT INTO... statement into that table to give the volunteers here representative data. with your description of the problem, we can provide a tested, verifiable solution to your question! asking the question the right way gets you a tested answer the fastest way possible!