Wednesday, March 28, 2012

Remove BUILTIN\Administrators from SQL 2005

We have a server shared by two project teams. To tighten security, I want to remove BUILTIN\Administrators from the public and sysadmin server roles. My question: is there anything I should pay special attention to? I use LocalSystem to start all SQL services. I know this is not a very good practice, yet I have no choice, as our company network is a mix of Windows and Novell; we do not have AD.

Make sure that you have a sysadmin left after removing BUILTIN\Administrators. I have seen SQL Servers in integrated mode where someone removed BUILTIN\Administrators and then nobody could administer the server.

Local System is very powerful. Any code executed by SQL Server can change anything on the Windows box, so if you are running untrusted code inside SQL Server you need to be aware of that fact and the potential threat it represents.

To remove BUILTIN\Administrators:

exec sp_dropsrvrolemember [BUILTIN\Administrators] , sysadmin

go

drop login [BUILTIN\Administrators]

go

hth,

-Steven Gott

S/DET

SQL Server

|||

Hi,

What about NT AUTHORITY\System account?

Is it needed?

Regards,

Jeremy

|||

Some management tools may be using it (for example MOM).

-Raul Garcia

SDE/T

SQL Server Engine
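
The check recommended in the first reply, written out as a pre-flight script. This is an added example, not code posted in the thread. It assumes SQL Server 2005 catalog views and an English group name, and it chooses not to count NT AUTHORITY\SYSTEM as an administrator a person can log in with.

```sql
-- Added example: refuse to drop BUILTIN\Administrators unless another
-- usable sysadmin login will remain afterwards.
SET NOCOUNT ON;

DECLARE @windows_only int, @remaining int;
-- 1 = Windows authentication only (integrated mode), 0 = mixed mode
SET @windows_only = CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int);

-- Enabled sysadmin members other than BUILTIN\Administrators.
-- In integrated mode SQL logins such as sa cannot connect, so they are
-- listed but marked as not usable.
SELECT  m.name,
        m.type_desc,
        CASE WHEN m.type = 'S' AND @windows_only = 1 THEN 0 ELSE 1 END AS usable
INTO    #sysadmins
FROM    sys.server_role_members AS rm
JOIN    sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN    sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE   r.name = N'sysadmin'
  AND   m.name <> N'BUILTIN\Administrators'
  AND   m.is_disabled = 0;

-- Show what would be left so it can be reviewed before the change.
SELECT name, type_desc, usable FROM #sysadmins ORDER BY name;

-- Assumption of this example: the service account is not a login an
-- administrator can use interactively, so it is not counted.
SELECT @remaining = COUNT(*)
FROM   #sysadmins
WHERE  usable = 1 AND name <> N'NT AUTHORITY\SYSTEM';

IF @remaining = 0
    RAISERROR('No other usable sysadmin login; BUILTIN\Administrators left in place.', 16, 1);
ELSE
BEGIN
    EXEC sp_dropsrvrolemember N'BUILTIN\Administrators', N'sysadmin';
    DROP LOGIN [BUILTIN\Administrators];
    PRINT 'BUILTIN\Administrators removed; '
        + CAST(@remaining AS varchar(10)) + ' usable sysadmin login(s) remain.';
END

DROP TABLE #sysadmins;
```

Run it from a session whose own sysadmin membership does not come only through BUILTIN\Administrators, and confirm that a remaining login can actually connect before closing that session.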
