October 20, 2010 at 2:51 am
Hi all
I have installed SQL under a local admin account and during the installation I specified an group to be Sys Admins for SQL.
I now want to ensure that only the group is sysadm and not the installation account. When I log on to the instance I can't see the installation account in Logins, yet I am also able to log onto the instance using the installation account.
Where is the installation account? How can I remove it? Is this to do with installing using the SID recommendation?
Thanks
October 20, 2010 at 4:21 am
you sqlserver services are running on the Local account, used for the installation
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
This thing is addressing problems that dont exist. Its solution-ism at its worst. We are dumbing down machines that are inherently superior. - Gilfoyle
October 20, 2010 at 5:58 am
I am not sure what you mean, I had dedicated domain accounts for each service.
October 25, 2010 at 2:16 am
Is this a clustered install by any chance??
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
October 25, 2010 at 2:31 am
No it wasn't actually, it was a single instance install on a VM.
October 26, 2010 at 6:36 am
Do you have a BUILTIN/ADMINISTRATORS login? If so, then you are able to login using the local admin group.
You can safely remove the BUILTIN/ADMINISTRATORS login provided that you are not relying on that group for your DBA access.
Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.
When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara
October 26, 2010 at 7:16 am
This was a SQL 2008 R2 install and built in admins is removed by default now, so no that group was not present.
October 26, 2010 at 7:34 am
Kwisatz78 (10/20/2010)
I have installed SQL under a local admin account
previously you have said that you used a domain account for each service, so what accounts did you use domain or local?
Kwisatz78 (10/20/2010)
and during the installation I specified a group to be Sys Admins for SQL.I now want to ensure that only the group is sysadm and not the installation account. When I log on to the instance I can't see the installation account in Logins, yet I am also able to log onto the instance using the installation account.
By installation account i'm assuming you mean service account?
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
October 26, 2010 at 7:45 am
Sorry I will try to clarify.
I logged onto the server using a domain account X that is also part of the local admins group, this is what I am calling the installation account.
I did the installation of SQL and defined different service accounts Y, Z for each of the services.
I also added a AD group A during the installation to be SA.
Whats confusing me is how is it letting me log onto SQL as the installation account X with what seems like full admin permissions when there is no Built in admin group present, nor is the installation account defined anywhere in the logins?
October 26, 2010 at 10:34 am
could you post a screenshot of the logins section from SSMS
Also, did you install the instance in windows or mixed mode
-----------------------------------------------------------------------------------------------------------
"Ya can't make an omelette without breaking just a few eggs" 😉
November 1, 2010 at 5:52 am
Hi sorry it seems the environment was removed so can't get a pic of the logins, but the account I used was not in the logins section neither was any groups that the account could have been a member of. It was installed in Windows.
Viewing 11 posts - 1 through 11 (of 11 total)
You must be logged in to reply to this topic. Login to reply