October 16, 2012 at 11:28 am
Hi guys....
Is it possible to restrict a domain admin account from accessing a SQL database?
reply...thnx
October 16, 2012 at 11:34 am
It depends to what degree you're required / need to enforce the issue. As long as the account isn't a valid login within SQL or the BUILTIN\Administrators group doesn't exist on an upgraded system, they can't access SQL without the SA password or an equal account / pw combo. They can however still hack their way in by several known processes which I won't mention.
October 16, 2012 at 11:35 am
Sure... Disable access for groups that you don't want to access SQl Server.
Jared
CE - Microsoft
October 16, 2012 at 11:50 am
Yes..you can. Under SQL Instance, go into Logins.
On the domain account right click on it and select permissions.
go to User Mapping, select only those databases that it needs access to and required role.
If the account need not be there in the first place then scroll to the instance then just delete it from Security/Logins in SSMS.
Thanks.
Satyen
October 16, 2012 at 12:44 pm
No, it's not.
You can remove their access, but that will just slow them down if they really want access. Someone who is local admin on the server can get sysadmin on SQL if they want it, regardless of what you do in SQL.
Gail Shaw
Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply