I have just queried syslogins on a SQL express installation, and was quite alarmed to see builtin\users as a login. Is this default when you setup a new installation of SQL express? They aren't sysadmin but seem to have some degree of access. Is there any risk with this setup? Why would you grant BUILTIN\users access to a SQL DB?