Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
river31
Starting Member
2 Posts |
 Posted - 2010-02-04 : 03:39:01
|
| Hi,I want to delete this 3 groups from the SQL Server 2005 instance.NWSRV2\SQLServer2005MSFTEUser$NWSRV2$DESENVOLVIMENTONWSRV2\SQLServer2005MSSQLUser$NWSRV2$DESENVOLVIMENTONWSRV2\SQLServer2005SQLAgentUser$NWSRV2$DESENVOLVIMENTOUnder the security tab of the SQL Server Instance i want to let only the following logins , with the following permissions:sa - sysadminNT AUTHORITY\SYSTEM - sysadminNT AUTHORITY\Service - sysadminThe SA account is to connect to SQL Server as sysadmin (i will then create my SQL Server login with sysadmin previleges)The NT AUTHORITY\Service account is to run the SQL Server Agent service.The SQL Server Service will run with a Domain account that as NO permissions inside my SQL Server.AS you can see there, i have deleted the builtin\adminstrators and the other groups that are created by default when SQL Server is installed.We don't need to execute jobs or maintenance plans out of the box, that's why we use the NT AUTHORITY\Service.1) Do you see any problems that can be caused because of this configuration?Do you recommend that i test witch part(s) of SQL Server to see if this works?I think that we will not have problems.What i'm traing to achieve is that only SQL Server logins can connect to SQL Server. No windows logins can connect to it, not even the Domain admins...Do you think that i will be limited in any form because i removed those groups from SQL Server???2) i will remove the Domain admins from the builtin\administrators group of my SQL Server operating system, so that they can not do this:http://www.sqlservercentral.com/articles/Administration/68271/ Can they (domain admins) reconnect after i delete them from the builtin\administrators group? thank you |
|
|
|
|
|
Advanced SQL Server 2005 security question