August 26, 2010 at 9:43 am
We mistakenly set up a kind of "universal" admin within Active Directory and SQL Server. This was created some time back and the login has ownership of many objects in SQL Server.
An administrative account is a Domain Admin and it is a Sys Admin in SQL Server as well. We would like to get feedback on how SQL Server roles and permissions will be affected when we strip Domain Admin rights from the acct. to get the login within best practices. If the login is associated, say, with job ownership in SQL Server or schema ownership, will there be any adverse affects when we remove Domain Admin rights from the Sys Admin acct?
August 30, 2010 at 9:39 am
One thing to watch out for is the Network resources. If your sql server agent does not have enough network rights, it could cause problems. For instance, you have a job that takes back up over the network. You remove the rights from the user then the job fails unless you give specific rights to the share/folder.
Same with replication agents as well.
-Roy
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply