Builtin Admin in 7.0 | SQL Server Performance Forums

SQL Server Performance Forum – Threads Archive

Builtin Admin in 7.0

Hi guys, first post on this site. All the manuals tell us to drop this user upon installation, as it is a huge security flaw. Now, I did exactly that recently, and THEN found out I couldn’t schedule a darn thing – no backups, no procudures, nada. I tried this on two systems at work, and then on my system at home – with the same result all 3 times, no scheduling possible. Is this a well-known flaw, or am I just re-opening old wounds here?
JayBee. France. The finest wines. The tastiest cuisine. The most delicious women.
Hi Jaybee, you will need to make sure that you add the service account used for SQL and SQL Agent in as SQLServer sysadmin users. Cheers
Twan
True and by default the SQL setup creates the "BUILTINAdministrators" login, which gives any account in the Local Administrators group system administrator (sa) privileges. In some environments, you might not want to allow NT administrators to have this kind of access to SQL Server. On a stand-alone server that is running SQL Server, you can remove the "BUILTINAdministrators" login from SQL Server to limit this type of access. And keep in mind about this KBAhttp://support.microsoft.com/defaul…port/kb/articles/Q237/6/04.asp&NoWebContent=1 for SQLAgent issue after you remove those admins. Lastly no issues on our environment after removing them. _________
Satya SKJ
Moderator
SQL-Server-Performance.Com
]]>