April 26, 2013 at 1:59 am
In sql server login list i have BUILIN\Administartor(has sysadmin) and BUILTIN\Users(only public permission) with other logins too.
I think these two are created while installing sql as i have not created it manually. So i want to know if i add a windows authentication login then from which login it will consider permission? I mean does BUILIN\Administartor will override the windows authentication logins of each users in that pc?
Also can i delete those Builtin logins?
April 26, 2013 at 2:17 am
Basically, the BUILTIN\Administrators group includes all local (Windows) admins and the BUILTIN\Users group includes all local users.
So, what this means is that any account in the Windows local admin group has SQL Server sysadmin rights and any local windows user has SQL Server public access.
Yes, these groups can be deleted and doing so is a good idea if you do it right.
For more details, check this link:
http://www.mssqltips.com/sqlservertip/1017/security-issues-with-the-sql-server-builtin-administrators-group/[/url]
Vegard Hagen
Norwegian DBA, occasional blogger and generally a nice guy who believes the world is big enough for all of us.
@vegard_hagen on Twitter
Blog: Vegards corner (No actual SQL stuff here - havent found my niche yet. Maybe some day...)
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply