Creating System Admin Group

Question

Post reply

Creating System Admin Group

Carl Rimmer

SSCarpal Tunnel

Points: 4068
More actions
April 8, 2005 at 3:23 am

#88048

Can anybody help me out.
I have created a new TEST SQL Server. I am aiming to remove access to the BUILINT\Administrators group and have done the following:
Created GLOBAL Domain Group and added myself to it.
Created a Local Group on the SQL Server via Computer Management
Added the GLOBAL Domain Group to the SQL Server local Group
Created a Login for the SQL Server Local Group and assigned Sys Admin permissions to this group.
Removed myself from the Administrators Group on the SQL Server via Computer Management and attempted to connect to the SQL Server but failed?
I haven't yet removed the BUILTIN\Administrators Login
As a further test, I had a colleague added to the Global Domain group and when they attepmt to register the SQL Server with Windows Authentication it fails?
I was aiming to ensure the new System Admin Group Login would work before removing access for BUILTIN\Administrators.
Any help would be greatly appreciated.
Carl

Viewing 11 posts - 1 through 10 (of 10 total)

You must be logged in to reply to this topic. Login to reply

Frank Kalis SSC Guru Points: 111183 More actions · Answer 1

See if these help:

http://support.microsoft.com/default.aspx?scid=kb;EN-us;322988

http://support.microsoft.com/kb/216808/EN-US/

http://support.microsoft.com/kb/263712/EN-US/

--
Frank Kalis
Microsoft SQL Server MVP
Webmaster: http://www.insidesql.org/blogs
My blog: http://www.insidesql.org/blogs/frankkalis/[/url]

Carl Rimmer SSCarpal Tunnel Points: 4068 More actions · Answer 2

I'll have a look at the articles thanks.

Congratulations on receiving your MVP Frank, you've helped me out a number of times.

Frank Kalis SSC Guru Points: 111183 More actions · Answer 3

Thanks

--
Frank Kalis
Microsoft SQL Server MVP
Webmaster: http://www.insidesql.org/blogs
My blog: http://www.insidesql.org/blogs/frankkalis/[/url]

K. Brian Kelley SSC Guru Points: 114642 More actions · Answer 4

Out of curiosity, what happens if you add the domain global group directly to SQL Server, without the local group?

K. Brian Kelley
@kbriankelley

Carl Rimmer SSCarpal Tunnel Points: 4068 More actions · Answer 5

Looks like I might have been slightly too eager in my attempt to login.

I have tried it again today and it works fine.

I think the domain hadn't synchronised when i was trying.

I have removed the BUILTIN\Adminstrators and myself and my colleague can both login fine.

Carl Rimmer SSCarpal Tunnel Points: 4068 More actions · Answer 6

Hi Brian,

I was thinking of trying the Global account directly, but as you can see from my previous email, it works fine now.

It must have been due to the domain syncronisation?

K. Brian Kelley SSC Guru Points: 114642 More actions · Answer 7

Looks like I was writing as you were submitting. Check the logs both on your server and on the DC to see if there were any issues regarding your computer in the system event log?

K. Brian Kelley
@kbriankelley

K. Brian Kelley SSC Guru Points: 114642 More actions · Answer 8

How about the actual OS system event logs?

K. Brian Kelley
@kbriankelley

Carl Rimmer SSCarpal Tunnel Points: 4068 More actions · Answer 9

Brian,

The only message in the SQL Server Event Log was a login failure message for my domain account.

Carl Rimmer SSCarpal Tunnel Points: 4068 More actions · Answer 10

Sorry Brian,

the message I saw is from the application log in event viewer of the SQL Server