Dear All,
Can someone tell me what this actually is and what it,
more importantly where I would get it changed.
The reason is that a user (an ex developer) can give
themselves SA rights although through there NT
Authorization however they are not an administrator and
should not be allowed to access any of the server security
properies.
The only theory I have is that the BUILTIN\Administrators
is allowing SA access as its the only group I currently
have.
Thanks for reading
Peter
There are several ways to work around this:
1. Remove the exdevelopers from the NT administrators group and change the
password of local administrator account on the server machine.
2. An extreme solution, which I have used on my local server is to delete
this group from SQL Server. You can then add individaully or by another
group that you can control who has sa access on the server. I would
recommend you test this solution well before trying it in production.
Amol.
"Peter" <anonymous@.discussions.microsoft.com> wrote in message
news:b57301c43762$44127700$a101280a@.phx.gbl...
> Dear All,
> Can someone tell me what this actually is and what it,
> more importantly where I would get it changed.
> The reason is that a user (an ex developer) can give
> themselves SA rights although through there NT
> Authorization however they are not an administrator and
> should not be allowed to access any of the server security
> properies.
> The only theory I have is that the BUILTIN\Administrators
> is allowing SA access as its the only group I currently
> have.
> Thanks for reading
> Peter
>
|||Thanks Amol
Peter
>--Original Message--
>There are several ways to work around this:
>1. Remove the exdevelopers from the NT administrators
group and change the
>password of local administrator account on the server
machine.
>2. An extreme solution, which I have used on my local
server is to delete
>this group from SQL Server. You can then add individaully
or by another
>group that you can control who has sa access on the
server. I would
>recommend you test this solution well before trying it in
production.
>Amol.
>
>"Peter" <anonymous@.discussions.microsoft.com> wrote in
message[vbcol=seagreen]
>news:b57301c43762$44127700$a101280a@.phx.gbl...
security[vbcol=seagreen]
BUILTIN\Administrators
>
>.
>
|||The second solution is potentially dangerous. Services, such as the Full
Text engine require the BUILTIN\Administrators group to be given access to
SQL Server...
Cheers,
James Goodman
"Amol Kasbekar" <apk@.nospam.com> wrote in message
news:%23vclye2NEHA.3944@.tk2msftngp13.phx.gbl...
> There are several ways to work around this:
> 1. Remove the exdevelopers from the NT administrators group and change the
> password of local administrator account on the server machine.
> 2. An extreme solution, which I have used on my local server is to delete
> this group from SQL Server. You can then add individaully or by another
> group that you can control who has sa access on the server. I would
> recommend you test this solution well before trying it in production.
> Amol.
>
> "Peter" <anonymous@.discussions.microsoft.com> wrote in message
> news:b57301c43762$44127700$a101280a@.phx.gbl...
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment