May 28, 2006 at 7:00 am
Hi ...we have the builtin\administrator still enabled.
How have you disabled this ..through SQL
1.....going to Security, server roles, system adminstration and remove the builtin from here...or
2.....deleting it from security logins, can i just do it from 1 above and leave in security logins
If i right click in security logins for builtin account i see the server properties are system administration on the builtin\administrator logins...and it has all databases ticked..
If i just have one new domain\startupsql account would i have to tick all databases in here.
Do i tick all server roles......or does ticking just systemadministrator is enough....
Is there any thing else i should know about before doing this.....
Should i set the start up sql to the new domain\startupsql in EM or can i just stop sql on windows and restart with the new domain\startupsql
Thanks
May 28, 2006 at 9:40 am
Your post is a little confusing. To remove this, go to security folder, then logins folder and delete the builtin admins. Be sure you have more than one account setup as a sysadmin before you do this. Do not change the roles or anyting else.
May 30, 2006 at 3:21 pm
Removing BUILTIN\Administrators from the system administration role will take away "sa rights" but will still allow members of the local Administrators group to connect to SQL Server. Steve's suggestion, to remove it from logins, will prevent the members from connecting altogether unless they have another way in.
As Steve indicated, make sure you have another way into SQL Server with "sa rights" before you remove this login. Also, verify that you have the SQL Server service account and the SQL Server Agent service account created as logins with sysadmin rights. If you are running on a cluster, make sure the cluster service account has login rights (it doesn't need anything more than that) and if you're supporting full text, make sure NT Authority\System has login and sa rights as well.
As far as changing service accounts, do so through EM. EM will ensure the service account has all the appropriate permissions needed within SQL Server, the registry, the local security policy, and the file system.
K. Brian Kelley
@kbriankelley
Viewing 3 posts - 1 through 2 (of 2 total)
You must be logged in to reply to this topic. Login to reply