0. Learn from past mistakes. ***
1. Limit number of DBAs: SQL Server's tight integration with Windows makes it far too easy to simply grant database administration rights to all domain administrators.
2. Apply the rule of least privilege: Administrative access (and user-level access, for that matter) have the smallest subset of privileges necessary to carry out their job functions.
3. Avoid hard-coded passwords.
4. Get used to SQL Server Roles.
5. Ensure to keep in touch with the latest updates on service packs and hotfixes.

http://www.microsoft.com/technet/security/prodtech/dbsql/default.mspx

Satya SKJ
Moderator
http://www.SQL-Server-Performance.Com/forum
This posting is provided “AS IS” with no rights for the sake of knowledge sharing.
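An audit query for points 1, 2 and 4 above, added here as an example and not part of the original post: it lists who holds instance-wide administrative rights, either through a high-privilege fixed server role or through an explicit CONTROL SERVER grant, and marks Windows groups, since one group entry makes every member of that group a DBA. It assumes SQL Server 2005 or later (the sys.server_principals, sys.server_role_members and sys.server_permissions catalog views); the choice of which roles to report is this example's assumption.

```sql
-- Added example (not from the original post).
-- Part 1: members of high-privilege fixed server roles.
SELECT
    r.name            AS granted_via,
    m.name            AS principal_name,
    m.type_desc       AS principal_type,
    m.is_disabled     AS is_disabled,
    CASE m.type
        WHEN 'G' THEN 'Windows group: every member of the group inherits this role'
        WHEN 'U' THEN 'Individual Windows login'
        WHEN 'S' THEN 'SQL login: check password policy and where the password is stored'
        ELSE 'Other principal type'
    END               AS review_note
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS m ON m.principal_id = rm.member_principal_id
-- Roles chosen for this example; extend the list to match your own policy.
WHERE r.name IN (N'sysadmin', N'securityadmin', N'serveradmin')

UNION ALL

-- Part 2: principals granted CONTROL SERVER directly, which is
-- administrative access that does not show up as a role membership.
SELECT
    N'CONTROL SERVER (explicit grant)',
    p.name,
    p.type_desc,
    p.is_disabled,
    CASE p.type
        WHEN 'G' THEN 'Windows group: every member of the group inherits this permission'
        WHEN 'U' THEN 'Individual Windows login'
        WHEN 'S' THEN 'SQL login: check password policy and where the password is stored'
        ELSE 'Other principal type'
    END
FROM sys.server_permissions AS sp
JOIN sys.server_principals  AS p ON p.principal_id = sp.grantee_principal_id
WHERE sp.permission_name = N'CONTROL SERVER'
  AND sp.state IN ('G', 'W')      -- GRANT or GRANT WITH GRANT OPTION

ORDER BY granted_via, principal_type, principal_name;
```

Rows whose principal_type is WINDOWS_GROUP are the ones to review first: the real number of administrators is the membership of that group in Windows, not the single row shown here.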