Has anyone experienced any SQL difficulties resulting from removing Domain
Admins' permissions from a SQL Server 2k machine. We are toying with the
idea now, mainly to keep the network people out of SQL. Our other option is
to remove the SQL Server from the domain itself. Any advice or information
would be appreciated.
Thanks for your time,
JoeJoe
Very useful site.
http://vyaskn.tripod.com/sql_server_security_best_practices.htm --secu
rity best practices
"Joe" <nospam@.nospam.com> wrote in message
news:ORXpZyykDHA.2772@.TK2MSFTNGP12.phx.gbl...
> Has anyone experienced any SQL difficulties resulting from removing Domain
> Admins' permissions from a SQL Server 2k machine. We are toying with the
> idea now, mainly to keep the network people out of SQL. Our other option
is
> to remove the SQL Server from the domain itself. Any advice or
information
> would be appreciated.
> Thanks for your time,
>
> Joe
>|||Very nice. Thanks for the info.
Joe
"Uri Dimant" <urid@.iscar.co.il> wrote in message
news:O#6y73ykDHA.2432@.TK2MSFTNGP10.phx.gbl...
> Joe
> Very useful site.
>
http://vyaskn.tripod.com/sql_server_security_best_practices.htm --secu
> rity best practices
>
> "Joe" <nospam@.nospam.com> wrote in message
> news:ORXpZyykDHA.2772@.TK2MSFTNGP12.phx.gbl...
> > Has anyone experienced any SQL difficulties resulting from removing
Domain
> > Admins' permissions from a SQL Server 2k machine. We are toying with
the
> > idea now, mainly to keep the network people out of SQL. Our other
option
> is
> > to remove the SQL Server from the domain itself. Any advice or
> information
> > would be appreciated.
> >
> > Thanks for your time,
> >
> >
> > Joe
> >
> >
>|||To keep the network folks out of SQL Server (but not the
box itself) you can remove the BUILT/Administrators login
from the SQL Server.
This will remove access to SQL Server for any local
administrators (Domain Admins included). You may want to
add your domain account to the server administrators role
so that you continue to have sa privileges.
Tim
>--Original Message--
>Has anyone experienced any SQL difficulties resulting
from removing Domain
>Admins' permissions from a SQL Server 2k machine. We
are toying with the
>idea now, mainly to keep the network people out of SQL.
Our other option is
>to remove the SQL Server from the domain itself. Any
advice or information
>would be appreciated.
>Thanks for your time,
>
>Joe
>
>.
>|||Is there a danger in removing thier access to the box itself? They have
fried it 3 days in a row.
Thanks,
Joe
"Tim Richardson" <anonymous@.discussions.microsoft.com> wrote in message
news:005f01c39330$66bb73a0$a301280a@.phx.gbl...
> To keep the network folks out of SQL Server (but not the
> box itself) you can remove the BUILT/Administrators login
> from the SQL Server.
> This will remove access to SQL Server for any local
> administrators (Domain Admins included). You may want to
> add your domain account to the server administrators role
> so that you continue to have sa privileges.
> Tim
>
> >--Original Message--
> >Has anyone experienced any SQL difficulties resulting
> from removing Domain
> >Admins' permissions from a SQL Server 2k machine. We
> are toying with the
> >idea now, mainly to keep the network people out of SQL.
> Our other option is
> >to remove the SQL Server from the domain itself. Any
> advice or information
> >would be appreciated.
> >
> >Thanks for your time,
> >
> >
> >Joe
> >
> >
> >.
> >|||Joe,
It's hard for me to say. I've never tried it. I
wouldn't think that it would affect the functioning of
SQL Server unless the service account is configured as a
domain admin. It could affect other things though. I
would only try it on a test machine until you know for
sure.
One thing though, I would imagine that THE Domain
Administrator (as opposed to the Domain Admins group)
will always have access to the box. If you are having
problems with the network folks and are trying to lock
them out, they can probably find their way back in.
Tim
>--Original Message--
>Is there a danger in removing thier access to the box
itself? They have
>fried it 3 days in a row.
>Thanks,
>Joe
>
>"Tim Richardson" <anonymous@.discussions.microsoft.com>
wrote in message
>news:005f01c39330$66bb73a0$a301280a@.phx.gbl...
>> To keep the network folks out of SQL Server (but not
the
>> box itself) you can remove the BUILT/Administrators
login
>> from the SQL Server.
>> This will remove access to SQL Server for any local
>> administrators (Domain Admins included). You may want
to
>> add your domain account to the server administrators
role
>> so that you continue to have sa privileges.
>> Tim
>>
>> >--Original Message--
>> >Has anyone experienced any SQL difficulties resulting
>> from removing Domain
>> >Admins' permissions from a SQL Server 2k machine. We
>> are toying with the
>> >idea now, mainly to keep the network people out of
SQL.
>> Our other option is
>> >to remove the SQL Server from the domain itself. Any
>> advice or information
>> >would be appreciated.
>> >
>> >Thanks for your time,
>> >
>> >
>> >Joe
>> >
>> >
>> >.
>> >
>
>.
>|||There is nothing wrong about removing BUILTIN\Administrators. Of course, the current administrators
using this will complain, but this is what you are after, right?
Just make sure you add some other group first (assuming you use Windows logins in the first place).
I usually create some SQLAdmins group or similar and add that first.
There's a reason why Administrators is there in the first place. Imagine you install SQL Server in
Windows Only mode. No-one would be able to login if it wasn't for the Administrators group being
there.
--
Tibor Karaszi, SQL Server MVP
Archive at: http://groups.google.com/groups?oi=djq&as ugroup=microsoft.public.sqlserver
"Joe" <nospam@.nospam.com> wrote in message news:uytKhGzkDHA.3688@.TK2MSFTNGP11.phx.gbl...
> Is there a danger in removing thier access to the box itself? They have
> fried it 3 days in a row.
> Thanks,
> Joe
>
> "Tim Richardson" <anonymous@.discussions.microsoft.com> wrote in message
> news:005f01c39330$66bb73a0$a301280a@.phx.gbl...
> > To keep the network folks out of SQL Server (but not the
> > box itself) you can remove the BUILT/Administrators login
> > from the SQL Server.
> >
> > This will remove access to SQL Server for any local
> > administrators (Domain Admins included). You may want to
> > add your domain account to the server administrators role
> > so that you continue to have sa privileges.
> >
> > Tim
> >
> >
> > >--Original Message--
> > >Has anyone experienced any SQL difficulties resulting
> > from removing Domain
> > >Admins' permissions from a SQL Server 2k machine. We
> > are toying with the
> > >idea now, mainly to keep the network people out of SQL.
> > Our other option is
> > >to remove the SQL Server from the domain itself. Any
> > advice or information
> > >would be appreciated.
> > >
> > >Thanks for your time,
> > >
> > >
> > >Joe
> > >
> > >
> > >.
> > >
>
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment