Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 General SQL Server Forums
 New to SQL Server Administration
 Removing BUILTIN\Administrators

Author  Topic 

laddu
Constraint Violating Yak Guru

332 Posts
Posted - 2010-09-02 : 10:23:46
Hi,

We had setup a SQL 2005 cluster active/passive server. We are going to use this one for production.

Now we want to remove the BUILTIN/Administrators from SQL Logins.

As far I know we need to add the Cluster service account to SQL LOGINS then we are good to remove the builtin/admin.

Is there any other things need to be taken care?
Is it possible to add BUILTIN/Administrators again to SQL login?

Please advice

jeffw8713
Aged Yak Warrior

819 Posts
Posted - 2010-09-02 : 16:03:45
When you installed SQL Server into the cluster, it should have added the appropriate domain groups to the instance. The domain groups that you created and specified during the install.

Additionally, the cluster service account should have the appropriate rights already.

So, the only thing you really need to do is add your DBA group (or personal account) as a login (with sysadmin rights), or create a login with sysadmin rights. Then, remove the sysadmin rights from the BUILTIN\Administrators group. You don't have to remove it, necessarily - unless you grant rights to the public role that would allow anyone logging in to have access.
Go to Top of Page

laddu
Constraint Violating Yak Guru

332 Posts
Posted - 2010-09-03 : 19:25:50
D0 We need server failover/failback the cluster to ensure everything is working fine.


http://support.microsoft.com/kb/263712
Go to Top of Page

laddu
Constraint Violating Yak Guru

332 Posts
Posted - 2010-09-07 : 15:52:41


I have successfully removed BUILTIN/Administrator after adding the group to SQL Login that used to administer the SQL Server.


Our server is SQL Server 2005 cluster server active/passive


What authentication is required in this scenario.


Presently in mixed mode, can I change it to windows authentication ?
Go to Top of Page

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2010-09-07 : 15:55:16
The authentication that is required is dependent upon your application and how users connect. We use SQL authentication for the applications and Windows authentication for DBA-type access. So we are required to use mixed-mode.

Whether or not your system is standalone, active/passive cluster, or active/active cluster is not relevant to the security mode.

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/

Subscribe to my blog
Go to Top of Page

laddu
Constraint Violating Yak Guru

332 Posts
Posted - 2010-09-07 : 16:07:33
Thank you for your reply.

we removed the BUILTIN/Admin, do we need to put the Mixed mode authentication compulsory?
Go to Top of Page

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2010-09-07 : 16:45:22
I don't understand your question, specially the word "compulsory" which doesn't seem to fit in your question.

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/

Subscribe to my blog
Go to Top of Page

laddu
Constraint Violating Yak Guru

332 Posts
Posted - 2010-09-08 : 09:42:16
Sorry for the confusion.
Our application uses windows account to connect to the database. But clients requests may come from UNIX, LINUX..
So just wondering what would be best authentication windows or mixedmode.
Go to Top of Page

tkizer
Almighty SQL Goddess

38200 Posts
Posted - 2010-09-08 : 11:14:45
You'll need mixed-mode for that.

Tara Kizer
Microsoft MVP for Windows Server System - SQL Server
http://weblogs.sqlteam.com/tarad/

Subscribe to my blog
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site