My customer asks me to install SQLEXPR_x64_ENU.exe with certain command line switches, are they secure ?

/SQLSYSADMINACCOUNTS="Builtin\Administrators";"Builtin\Authenticated Users"

I am worried about the "Builtin\Authenticated Users", could this cause a security breach on the machine ?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

It is somewhat broad to have authenticated users be admins indeed. Please ask them why? Maybe they didn't properly program their own program and this is a workaround (ask them how fast they can fix this). Of course, they are their own boss, obviously. If you advise it, and they still want it, there's not much you can do (of course, don't do it, they'll hire someone else). Maybe IF you continue with this, you can up your fee as well. By adding this security flaw, it will make your work only that much harder (since normal users can mess up things)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Vitor MontalvãoMSSQL Senior EngineerCommented:
Builtin\Authenticated Users are all users that has access to the server.
Builtin\Administrators are all users with administration right on the server.
I wouldn't give any SA access for the both groups. Only DBAs should have SA access on a SQL Server instance but I understand if that's your customer demand that you should at least warn him about the Builtin\Authenticated Users issue. Is giving to much power to any user and so they can even drop a database without knowing that.
itbabeAuthor Commented:
The sql server express is located on the workstation of the individual users, does make the security impact less severe ?
Vitor MontalvãoMSSQL Senior EngineerCommented:
No. Authenticated Users can be all users that are registered in the active directory. They don't even need to connect to the local workstation since they can connect remotely to the SQL Server instance.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.