SSWUG.com asked a similar question. Since I'm primarily security focused, that was most prominent on my mind. Here's the list I sent them in an email:
Membership of the local Administrators group.
Quick vetting of anyone in the local Administrators group.
What service accounts the services are running under and what rights they have on the server.
Quick vetting of who has the passwords to these service accounts.
Disk allocation and used/free space.
All logins to the SQL Server.
All logins assigned to the various server roles.
All owners of the individual databases.
Quick vetting of anyone that's a member of the sysadmin fixed server role.
Quick vetting of anyone who has a password to a SQL Server login that's a member of the sysadmin fixed server role.
Backup strategy on each database.
Any information on successful testing of restores.
Applications which use the SQL Server.
How they connect in.
Documentation on the actual rights they need.
Comparison of what rights they were given.
How are the database files distributed?
Is the RAID configuration sufficient?
K. Brian Kelley, CISA, MCSE, Security+, MVP - SQL Server
Regular Columnist (Security), SQLServerCentral.com
Author of Introduction to SQL Server: Basic Skills for Any SQL Server User
| Professional Development blog
| Technical Blog