Re: prevent domain admins from access to sql 2000 service without denying them access to the machine



Hi,

well this would assume some requirements:

-the default administrators group has to be removed from the sysadmin
role in SQL Server.
-you will have to make sure that they will not reset the password of
the user who will be a sysadmin on the SQL Server for getting into the
system.

YOu will have to keep in mind, that this will not prevent them from
stopping the service, copying the database files somewhere and
attaching them to another server where they have full control of. So
it would be better to use a more restrict file security on the server
and the paths of the database files itself. But, as they are sysadmins
they will probably have the access to the paths, so you will be outta
luck here.

HTH, Jens K. Suessmeyer.

---
http://www.sqlserver2005.de
---

.



Relevant Pages

  • Re: I have now probably done a very silly thing
    ... I already knew what I was searching for which is 99% of the problem. ... the document that you passed in the mail and now I have granted the the relevant user back to the sysadmin server role. ... The 'best practice' is that SQL Server runs under domain account and not as Local Admin, but I am seeing lot of business that do the oppoiste:-) ...
    (microsoft.public.sqlserver.programming)
  • Re: permissions required for executing CDOSys stored procedures
    ... he is by default member of the sysadmin server ... role on the SQL Server database unless steps are taken to prevent that. ... sysadmin and who has not been granted specific execute permissions on the ... it is possible to GRANT EXECUTE ON sp_OACreate TO ...
    (microsoft.public.sqlserver.security)
  • Re: Sharepoint index problems in SQL Server.
    ... The Administrator account is a sysadmin and have all the access to all the ... > database is master and language US_English? ... >> I've set back the account localsystem for both SQL Server and Microsoft ...
    (microsoft.public.sqlserver.fulltext)
  • Re: Move or Setup of SQL Database toa Remote Server Fails
    ... as well as have SysAdmin privileges on the DB. ... Registered type 501ST MASTER for 501ST SCCM1DB\master ... Could not connect SQL Server 'master' db. ... The SCCM Primary Site Computer Account and the User account I am using ...
    (microsoft.public.sms.setup)
  • Re: cannot acees two databases as owner
    ... member of the built-in group Administrators, is not sysadmin. ... Administrator of SQL Server. ...
    (microsoft.public.sqlserver.setup)