AD Domain Admin permissions to SQL

5 pts.
Tags:
Active Directory
Active Directory Administration
Active Directory Permissions
SQL Permissions
Can a Domain Admin grant himself permissions to a SQL database? Or, put another way, can a Domain Admin make himself equivalent to the SA account?
ASKED: June 5, 2009  5:58 PM
UPDATED: June 9, 2009  5:09 PM

Answer Wiki

Thanks. We'll let you know when a new response is added.

By default everyone who is a member of the servers Administrators group is a member of the sysadmin role. This can be changed by removing the BUILTIN\Administrators group from SQL Server’s sysadmin role. Before you do this be sure to grant the DBAs admin rights.

Once the domain admins don’t have sysadmin rights to the database they can not grant themselves this right again.

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Hlx
    Depending on your viewpoint, it would be pretty trivial for a Domain Admin to change a password and login as a domain user that they know is SA and then grant themselves access. The only clue would be that the hijacked account holder would then be unable to login with what they thought was their password. One call to the help desk or perhaps even the Domain Admin to reset their password and all traces go away.
    690 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following