BUILTIN\Administrators

Is it customary/good practice to remove the
BUILTIN\Administrators group from the system databases?
Thanks,
FergieI usually create some other group for the windows accounts who are to be
sysadmins and remove this one.
--
Tibor Karaszi, SQL Server MVP
Archive at:
http://groups.google.com/groups?oi=djq&as_ugroup=microsoft.public.sqlserver
"Fergie" <anonymous@.discussions.microsoft.com> wrote in message
news:e91b01c3f086$ed5684a0$a501280a@.phx.gbl...
> Is it customary/good practice to remove the
> BUILTIN\Administrators group from the system databases?
> Thanks,
> Fergie|||In my experience it is common to do this. Many places I've
worked have domain admins in the local admins group of
each server and there have been too many people on the
network who are administrators and don't know SQL. However
if you do remove it, first of all be sure to create a
login in the sysadmin role which is an 'invariant' login.
Also, there are implications as far as full-text indexing
is concerned - you'll need to add NT Authority\System as a
sysadmin - see the article on this by Brian Kelley
(http://www.sqlservercentral.com/columnists/bkelley/sqlserv
ersecuritysecurityadmins.asp).
Regards,
Paul Ibison
>--Original Message--
>Is it customary/good practice to remove the
>BUILTIN\Administrators group from the system databases?
>Thanks,
>Fergie
>.
>|||Be very careful if you try to do this to a clustered SQL server. I think
there is a kb article about it.
Christian Smith
"Fergie" <anonymous@.discussions.microsoft.com> wrote in message
news:e91b01c3f086$ed5684a0$a501280a@.phx.gbl...
> Is it customary/good practice to remove the
> BUILTIN\Administrators group from the system databases?
> Thanks,
> Fergie