SQL server Security

I have multiple SQL servers (SQL 2000, 2005 and 2008). I want to create and deploy a security policy/Sec best practices to tighten up security on these servers. Can anyone give recommendations or point me in the right direction?
Who is Participating?
Multiple servers/instances so the easiest way is to centralise (most off) the authorisation in AD-groups and then instance per instance see that the correct rights are assinged that apply for that version of sql.

A good start is to make an inventory on what exists http://www.mssqltips.com/sqlservertip/1881/sql-server-security-audit-report/

'tighten up' can also mean to make difference in how you try to connect to db. So application roles (from 2005) can limit access to only trough a specific application.  
DEFclubAuthor Commented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.