I have noticed that in all of the SQL 2008 installs whichwe have been performing that there was no BUILTIN\Administrators group being installed.
Has this Login gone away? It used to be automatically installed with SQL 2005
AndrewH |
| AndrewJHarris Wednesday, June 18, 2008 10:37 PM |
It is no longer added automatically. If you want to add the group you can during setup or afterwards, but this was done for increased security out of the box and to make it more explicit who is an SYSADMIN in SQL and who isn't. |
| Jack Richins Wednesday, June 18, 2008 11:06 PM |
The local Windows Group BUILTIN\Administrators is not included in the SQL Server sysadmin server role andis not added as a login account unless during setup or at later time a sysadmin specifically adds the windows group.
However, for disaster recovery purposes, BUILTIN\Administrators can connect to SQL Server and are treated as sysadmins when SQL Server is started with the -F flag (a disaster recovery only mode).
|
| Jack Richins Saturday, July 12, 2008 12:08 AM |
It is no longer added automatically. If you want to add the group you can during setup or afterwards, but this was done for increased security out of the box and to make it more explicit who is an SYSADMIN in SQL and who isn't. |
| Jack Richins Wednesday, June 18, 2008 11:06 PM |
|
| AndrewJHarris Wednesday, June 18, 2008 11:28 PM |
Hi Jack,
Based on the CTP's and BOL, I thought the group was added by default, however, it was nolonger associated with sysadmin group. Did that change with RC0?
| SQL Server 2008 Books Online (February 2008) |
The local Windows Group BUILTIN\Administrator is no longer included in the SQL Server sysadmin server role.
Thanks for clarifying as I don't have a system infront of me. |
| Ross Mistry Thursday, July 10, 2008 6:58 PM |
The local Windows Group BUILTIN\Administrators is not included in the SQL Server sysadmin server role andis not added as a login account unless during setup or at later time a sysadmin specifically adds the windows group.
However, for disaster recovery purposes, BUILTIN\Administrators can connect to SQL Server and are treated as sysadmins when SQL Server is started with the -F flag (a disaster recovery only mode).
|
| Jack Richins Saturday, July 12, 2008 12:08 AM |
(While members of the Administrators local group are members of the Server role, their membership in the Server role is not visible in the user interface.)
I just got this from the May 2008 BOL which is the same as 2005 so they question is why only the relational engine and not Analysis Service because I just gave a hack to a user to remove these groups in another forum? Windows System Admins are in most cases clueless about what goes on Analysis Services so whose idea is it to give clueless people total control of something they don't know?
|
| Caddre Tuesday, July 29, 2008 8:01 PM |
Jack,
Do you know if the application of Windows 2003 SP2 modifies the builtin administrators group permissions in any way?
|
| TheWienerman Monday, August 17, 2009 7:22 PM |
index > SQL Server Security > BUILTIN\Administrators Group