Wednesday, January 7, 2009

How to block built in windows administrators from using your SQL database?

The problem is terrible. You are not the windows administrator. But you have to create a database in the machine without allowing built in administrator of windows to access. Either you install the SQL Server in Mixed Mode or Windows Authentication mode, by default, built-in administrators becomes SQL Server Administrator. So, they will have access to each and every SQL database in that machine.

If you really want to block, then in my opinion, only two options are remained.

  1. To remove, built-in administrator login from SQL Server Administrator role. Yes, it woks fine. But, it will block the administrator from creating new databases as well and also from other rights. That may be problematic.
  2. By completing denying access to built-in administrator to SQL Server. This may also be problematic as the administrator will not even able to login to SQL.

 Both the things can be done from SQL Server Login Properties of SQL Server Enterprise Manager.