RE: Removing 'BUILTIN\Administrators'

RE: Removing 'BUILTIN\Administrators'

 

  

YES, I concur. We do all security by NT groups as a policy.

Thanks,
Ralph W. Davis
*********************************************************
*** CORPORATE DBA group - Houston ***
*********************************************************

-----Original Message-----
From: Guzman
[mailto:mssqldba-ezmlmshield-x14475381.[Email address protected]
Sent: Thursday, March 29, 2007 2:55 PM
To: LazyDBA Discussion
Subject: RE: Removing 'BUILTIN\Administrators'

Seems like putting the local admins in their own group, and giving that
group sa privileges would be better that adding them individually.

Dan





Davis Ralph <mssqldba-ezmlmshield-x22550595.[Email address protected]
03/29/2007 12:50 PM

To
LazyDBA Discussion <[Email address protected]
cc

Subject
RE: Removing 'BUILTIN\Administrators'






Just SSIS and this is on a per instance basis. The only ramification is
if other local admins need to get into sql with SA privileges you just
have to identify them and put them each in(like the cluster service
account) so they can be tracked. The unrestricted access to local
admins is a risk.

This has been a security rule for many years with our company.

Thanks,
Ralph W. Davis
*********************************************************
*** CORPORATE DBA group - Houston ***
*********************************************************

-----Original Message-----
From: Graves Martin D.
[mailto:mssqldba-ezmlmshield-x71671243.[Email address protected]
Sent: Thursday, March 29, 2007 2:43 PM
To: LazyDBA Discussion
Subject: RE: Removing 'BUILTIN\Administrators'

Thanks for that.

Are you running SSRS, SSIS, SSAS and other SQL BI tools on same instance
/ node?


Thanks
--------------------------
Martin


-----Original Message-----
From: Davis Ralph
[mailto:mssqldba-ezmlmshield-x9565210.[Email address protected]
Sent: Thursday, March 29, 2007 3:38 PM
To: LazyDBA Discussion
Subject: RE: Removing 'BUILTIN\Administrators'

No, as a matter of fact, I removed it today on a new 2005 cluster
server.

Thanks,
Ralph W. Davis
*********************************************************
*** CORPORATE DBA group - Houston ***
*********************************************************

-----Original Message-----
From: Graves Martin D.
[mailto:mssqldba-ezmlmshield-x6750016.[Email address protected]
Sent: Thursday, March 29, 2007 2:16 PM
To: LazyDBA Discussion
Subject: Removing 'BUILTIN\Administrators'

As part of our SQL 2000 (and earlier) setup standards (security), we
have always removed 'BUILTIN\Administrators'.

Has anyone had issue removing from SQL 2005?


Thanks
--------------------------
Martin


---------------------------------------------------------------------
TO REPLY TO EVERYBODY , PLEASE CLICK REPLY-ALL, NOT JUST REPLY
To post a dba job: http://jobs.lazydba.com
To subscribe : http://www.LazyDBA.com
To unsubscribe: http://www.lazydba.com/unsubscribe.html
****************************************************************
Confidentiality Note: The information contained in this
message, and any attachments, may contain confidential
and/or privileged material. It is intended solely for the
person(s) or entity to which it is addressed. Any review,
retransmission, dissemination, or taking of any action in
reliance upon this information by persons or entities other
than the intended recipient(s) is prohibited. If you received
this in error, please contact the sender and delete the
material from any computer.
****************************************************************


---------------------------------------------------------------------
TO REPLY TO EVERYBODY , PLEASE CLICK REPLY-ALL, NOT JUST REPLY
To post a dba job: http://jobs.lazydba.com
To subscribe : http://www.LazyDBA.com
To unsubscribe: http://www.lazydba.com/unsubscribe.html




---------------------------------------------------------------------
TO REPLY TO EVERYBODY , PLEASE CLICK REPLY-ALL, NOT JUST REPLY
To post a dba job: http://jobs.lazydba.com
To subscribe : http://www.LazyDBA.com
To unsubscribe: http://www.lazydba.com/unsubscribe.html
****************************************************************
Confidentiality Note: The information contained in this
message, and any attachments, may contain confidential
and/or privileged material. It is intended solely for the
person(s) or entity to which it is addressed. Any review,
retransmission, dissemination, or taking of any action in
reliance upon this information by persons or entities other
than the intended recipient(s) is prohibited. If you received
this in error, please contact the sender and delete the
material from any computer.
****************************************************************


---------------------------------------------------------------------
TO REPLY TO EVERYBODY , PLEASE CLICK REPLY-ALL, NOT JUST REPLY
To post a dba job: http://jobs.lazydba.com
To subscribe : http://www.LazyDBA.com
To unsubscribe: http://www.lazydba.com/unsubscribe.html




---------------------------------------------------------------------
TO REPLY TO EVERYBODY , PLEASE CLICK REPLY-ALL, NOT JUST REPLY
To post a dba job: http://jobs.lazydba.com
To subscribe : http://www.LazyDBA.com
To unsubscribe: http://www.lazydba.com/unsubscribe.html
****************************************************************
Confidentiality Note: The information contained in this
message, and any attachments, may contain confidential
and/or privileged material. It is intended solely for the
person(s) or entity to which it is addressed. Any review,
retransmission, dissemination, or taking of any action in
reliance upon this information by persons or entities other
than the intended recipient(s) is prohibited. If you received
this in error, please contact the sender and delete the
material from any computer.
****************************************************************

MS Sql Server LazyDBA home page