BUILTIN\Administrators Account

I was told to give reasons why we keep
the 'BUILTIN\Administrators' Account and I came up with
the following. If there are any other reasons please let
me know. May be there is no reason to keep this account.
The server is set to SQL Server & Windows Authentication.
Thanks.
1- If the domain controller fails and/or the server
becomes as 'Stand alone' server, we may be locked out of
the SQL Server.
2- Removing this account leaves us to use only 'sa'
account to log on to the server in case of a failure. If
the 'sa' password is not available, we will be locked out
of SQL Server.
3- If 'sa' password gets out of sync, we will be locked
out of SQL Server.
Hi Dan,
If you keep BUILTIN\Administrators in your logins account you actually give
SysAdmin rights to any local administrator in your or trusted domain, so
it's highly recommended to delete this account from logins, but nobody
prevent you from putting local\Administrator account for purposes you
already described.
Regards,
Daniel
"Dan" <anonymous@.discussions.microsoft.com> wrote in message
news:224801c52e44$b057b900$a401280a@.phx.gbl...
> I was told to give reasons why we keep
> the 'BUILTIN\Administrators' Account and I came up with
> the following. If there are any other reasons please let
> me know. May be there is no reason to keep this account.
> The server is set to SQL Server & Windows Authentication.
> Thanks.
> 1- If the domain controller fails and/or the server
> becomes as 'Stand alone' server, we may be locked out of
> the SQL Server.
> 2- Removing this account leaves us to use only 'sa'
> account to log on to the server in case of a failure. If
> the 'sa' password is not available, we will be locked out
> of SQL Server.
> 3- If 'sa' password gets out of sync, we will be locked
> out of SQL Server.
|||You can remove the builtin\administrators group from SQL
Server. However, under some scenarios, this can cause
problems. Whether you experience problems or not depends.
The following article has a more information section with
links to some issues that could come up:
INF: How to impede Windows NT administrators from
administering a clustered instance of SQL Server
http://support.microsoft.com/?id=263712
-Sue
On Mon, 21 Mar 2005 10:35:00 -0800, "Dan"
<anonymous@.discussions.microsoft.com> wrote:

>I was told to give reasons why we keep
>the 'BUILTIN\Administrators' Account and I came up with
>the following. If there are any other reasons please let
>me know. May be there is no reason to keep this account.
>The server is set to SQL Server & Windows Authentication.
>Thanks.
>1- If the domain controller fails and/or the server
>becomes as 'Stand alone' server, we may be locked out of
>the SQL Server.
>2- Removing this account leaves us to use only 'sa'
>account to log on to the server in case of a failure. If
>the 'sa' password is not available, we will be locked out
>of SQL Server.
>3- If 'sa' password gets out of sync, we will be locked
>out of SQL Server.