removing BUILTIN\Admin access to databases
From: Kevin (kmh6@charter.net)
Date: 08/05/02
- Next message: Sue Hoegemeier: "Re: Trusted connections"
- Previous message: Brad M.: "Re: Multiple SQL*SERVER security holes"
- Next in thread: chris: "Re: removing BUILTIN\Admin access to databases"
- Reply: chris: "Re: removing BUILTIN\Admin access to databases"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Kevin" <kmh6@charter.net> Date: Mon, 5 Aug 2002 17:31:25 -0400
a re-visit of an old question...here's an old note which describes my
similar issue:
I'm trying to create an installation setup where administrators are
denied access to databases by default, but still can perform various
admin tasks on SQL Server.
BUILTIN\administrators has been removed from the sysadmin server role,
but in the login properties this login is still listed as having
access to *all* databases as 'dbo' (also the db_owner db-role is
checked in each db). Any attempt to uncheck 'permit' gives the message
'The database owner cannot be dropped'.
What gives? It looks as if 'BUILTIN\administrators' is aliased to
'dbo' at some level, although I'm unable to find a clue to this in the
system tables.
Dropping the login works fine (but isn't a solution). When adding the
login again after dropping it, this message appears: "It has been
detected that this login has permissions in specific databases(s) -
the login will have access to these databases now".
What was the resolution to this?
I would like to use this solution, because deleting the BUILTIN\Admins group
is causing problems with replication and other things.
thanx
- Next message: Sue Hoegemeier: "Re: Trusted connections"
- Previous message: Brad M.: "Re: Multiple SQL*SERVER security holes"
- Next in thread: chris: "Re: removing BUILTIN\Admin access to databases"
- Reply: chris: "Re: removing BUILTIN\Admin access to databases"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
