December 11, 2013 at 9:36 pm
Hi Friends
Please explain which logins are members of BuiltinAdministrator group in sql server.its from local server only or those who are admin at domain level to become member.
Second which privileges are required to disabled/delete BuiltinAdministrator because at one of our client i was logged as sa but even then i was not able to disabled BuiltinAdministrator .It was giving error either BuiltinAdministrator doesnot exist or you donot have permissions
Thanks and regards
Anoop Pandey
December 16, 2013 at 5:29 am
By default the Domain Admins group is part of the local Administrators group. This is the normal security model and you should not change this unless you have an alternative security model worked out. You should also test your alternative security model in a non-production environment before changing Production.
It may be possible to delete the local Administrators group but I suspect Windows would prevent this. If you did delete this group then there would be no account that could apply Windows or SQL Server patches, so deleting this group would put the security of the server at risk.
You did not give any background to why you want to do the things you have asked questions about. If you want to improve server security it would be good if you described your objectives and asked the best way to achieve them. At the moment your questions imply you do not fully understand the Windows security model or the implications of changing it, and there is a risk that any changes you make could cause more problems than they solve.
Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.
When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara
Viewing 2 posts - 1 through 1 (of 1 total)
You must be logged in to reply to this topic. Login to reply