• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 228
  • Last Modified:

How can I restrict domain administrator access to a SQL 2005 db with mixed mode authentication?

I have an appliction that uses a SQL 2005 DB with mixed mode authentication. The db is in a domain with different containers. The issue is that only administrators from the hosting container should be able to access the db. Is there a way to restrict domain administrators from accessing the db through the managment console. And if that is not possible, is there a way to log the actions of domain administrators relative to the database
0
samnoh
Asked:
samnoh
  • 3
  • 2
1 Solution
 
dbidbaCommented:
Not sure I caught all that, but I'll pass along that we take the BUILTIN\Administrators login out of the sysadmin SQL Server role. Give them only required rights.
0
 
samnohAuthor Commented:
The administrators that I'm referring to are Windows domain administrators. Can this be done with Windows administrators?
0
 
dbidbaCommented:
By default, any account which has administrator on the box also has sysadmin in SQL Server.  They come in via the BUILTIN\Administrators SQL login. Restricting rights on BUILTIN\Administrators will restrict rights on any Windows admin who does not otherwise have access to the SQL instance.
0
 
dbidbaCommented:
>The issue is that only administrators from the hosting container should be able to access >the db

After restricting BUILTIN\Administrators, you may add a login or AD group which contains the accounts which should have access.
0
 
samnohAuthor Commented:
That sounds very logical. Thank you, I will give that a whirl.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now