I've worked for smaller companies where, as the DBA, I was responsible for everything. From installing the physical server, to patching the OS and SQL Server. I've also worked for larger companies with a much more diversified work force. There, I didn't handle the machines or the OS at all. I was only, ever, responsible for SQL Server and what went into it. It was sometimes, but not always, a joint effort to patch the servers. It depended on if there were dependencies (patch the OS, then the SQL Server instance, for example). However, I really grew to prefer this approach. Two reasons. They people who know the hardware and OS better are responsible for those. I can focus where my skills are, SQL Server. Just think the time spent learning subtle OS settings & details is time taken away from learning the same in SQL Server. Also, dividing up security, who has access to what, and limiting some groups access (we couldn't get at the OS at all, nor could we get at the network) helps improve security quite a lot (even as it adds some management & comms overhead). As organizations expand in size, this is usually where they end up.