September 20, 2005 at 2:36 pm
Win2000\SQLServer2000\Win Auth Mode
Is it possible to remove the BUILTIN\Administrators Windows Group and run a third party application that needs Local Admin rights?
Here is what I have done so far:
I was given a Domain Account that has Local Admin rights to the Server. Then I created a SQL Server Login using this Domain Account. Then I changed the Services of the third party App to Log On using this Domain Account.
The Service starts fine. If I Deny access to the BUILTIN\Administrators Windows Group the App that uses it fails. When I Grant access to the BUILTIN\Administrators Windows Group the App that uses it works fine.
Also, can I mention the third party app here or is that in violation of sqlservercentral posting rules?
Thanks
September 20, 2005 at 3:24 pm
When you deny access to the group BUILTIN\Administrators, you are denying access to all members of the group, including the domain account used for the SQL Server service.
First, add all the domain accounts as a Server login with SQL Server system administrator rights.
Second, drop the group BUILTIN\Administrators - not deny.
SQL = Scarcely Qualifies as a Language
September 20, 2005 at 11:24 pm
Dropping the BUILTIN\Administrators will also affect the SYSTEM account, and Full text indexing.
KB for info for removal of the BUILTIN\Administrators SQL Server login:
http://support.microsoft.com/kb/317746
Andy
September 21, 2005 at 8:13 am
Carl, thanks a million. I was "Denying" access for testing purposes thinking that I could turn access on and off. This now makes perfect sense, Drop the group, not Deny Access.
David, thanks for your input and the info about the KB link.
Steve
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply