Also remember the sa password.

Putting it in a DMZ which only allows access from named machines (ie HR's) may also help secure it.

Other idea's/Comments

1. Encrypting the backups using something like...

You could audit failed logins on that sql server, which would log failed logins.

Frank,

Do you spend all your time checking the number of posts in the forum....

PS Still a way to go for me.

I've seem that once from the security tree in EM, and in that case the changes worked fine when made inside the database itself (again using EM)

Sorry never got time...

You do have the tranfer login task within dts.

Try http://msdn.microsoft.com I seem to remember reading some of there papers about it a while ago.

Don't forget MSDE from your research.

Get the quotes on a t-shirt.

Personally I like the sql one at thinkgeek.

http://www.thinkgeek.com/tshirts/coder/595d/

Frank,

You could always edit your previous post, and remove the offending (or just make it relate to a different database company)

Frank,

Like the quote, must remember that one.

Some developers may have better knowledge of the data/application as they generally wrote it, hence may the best best people to support the data.

But changes need to be controlled, tested...

Trust, yes

But in my instance it is more about reducing the number of accounts that could do things (reducing the attack vectors, as such). Its easy enough if you...

andoi,

What are developers doing with a domain admin password?

To stop NT admins playing with my sql servers I remove the builtin/administrator from the sql admin group, hence they can't change...

For application support they sometimes get datareader/datawriter and the odd stored procedure.

No ddl, dbo or admin rights if I can help it.

I don't think this is your problem but it may be worth checking the inbox/sent items (if you have quota's enabled on your server mail account), as it does fill...

You could download the Microsoft ComCheck utility, which will tell you the exact build and sometimes what software that version was shipped with.