BUILTIN\Administrators - How to tell if nedded
-
Here is a thorny problem for security:Is there any way to tell WHO is logging in and using the BUILTIN login and WHO the real members of it are? I run the
exec sp_helplogins BUILTIN|administrators
script, but it gives back no memebership info at all.How can one investigate beforehand whether deleting the BUILTIN login off the server for security reasons may cause necessary applications logins to be blocked, etc.
Thanks in advance
Jim Ruddy
-
"How can one investigate beforehand whether deleting the BUILTIN login off the server for security reasons may cause necessary applications logins to be blocked, etc."
Well, first of all you need to know how your application and users are accessing the database. Are you using Windows authentication for all DB access? The builtin\administrators group contains all users who exist in the Local Administrators group on your DB server. This Local Administrators group usually contains the Domain\Domain Admins group.
If you plan on removing this group, make sure you (or someone) has Systems Administrators permissions on SQL Server.
-
You can see who belongs to the group with:
exec xp_logininfo 'builtin\administrators', 'members'
As for who's actually logging in, set up a security audit trace. You can define it in Profiler, then save it as a script. Code it up as an autostarting proc & run it on the server.
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply