February 12, 2009 at 7:46 am
Hello. Once a person has completed a full install of SQL Server Developer edition on their computer, do they still need Windows XP administrative rights to their computer? We have an issue here where I approved computer admin rights for my team - which is an exception to company security - and a breach has occurred. I now want to have my team's administrative rights removed from their computers IF they can still perform T-SQL and ETSL functions within SQL Server. Thanks
February 12, 2009 at 1:35 pm
Janie,
You can add your users to the sysadmin role (or another role, if desired) in SQL Server security even if they do not have administrative rights on the machine. This would allow them full control over the SQL Server databases without compromising the machine itself.
One note, you might want to ensure that they have priviliges to stop and start the SQL Server services (including the agent).
hth,
Tim
Tim Mitchell, Microsoft Data Platform MVP
Data Warehouse and ETL Consultant
TimMitchell.net | @Tim_Mitchell | Tyleris.com
ETL Best Practices
February 9, 2010 at 4:04 am
Just a note, if you remove the users' local admin rights on the machine, you will then need to get a domain admin (or someone else who is a local admin on the machine) to add their Windows accounts to the SQL Server sysadmins fixed server role; if, however, you instruct them to do that first (before revoking their Local Admin) they will be able to do it themselves. Bear in mind that anyone else who has local admin rights will still be able to get in to the SQL Server as sysadmin unless you delete the BUILTIN\Administrators group (BUT ONLY DO THAT IF YOU KNOW AND CAN USE 'sa' OR HAVE ALREADY ADDED ANOTHER 'sysadmin'!).
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply