Detailed description of BUILTINAdministrators in SQLServer

SQLServer is a relational database management system. It was initially developed by three companies, Microsoft Sybase and Ashton-Tate. In 1988, it launched the first OS2 version. After the launch of WindowsNT, Microsoft and Sybase have separated themselves in the Development of SQLServer, Microsoft port SQLServer to Windows

SQL Server is a relational database management system. It was initially developed by Microsoft Sybase and Ashton-Tate, and launched the first OS/2 version in 1988. After the launch of Windows NT, Microsoft and Sybase were separated in the Development of SQL Server. Microsoft transplanted SQL Server to Windows

SQL Server is a relational management system. It was initially developed by Microsoft Sybase and Ashton-Tate, and launched the first OS/2 version in 1988. After the launch of Windows NT, Microsoft and Sybase were separated in the Development of SQL Server. Microsoft transplanted SQL Server to Windows NT, focus on developing and promoting the Windows NT version of SQL Server. Sybase is more focused on SQL Server Applications on UNIX operating systems.

SQL Server 2000 is an SQL Server database management system launched by Microsoft. It inherits the advantages of SQL Server 7.0 and adds many more advanced functions than it. It has the advantages of convenient scalability, high degree of integration with related software, and can be used across a variety of platforms from laptops running Microsoft Windows 98 to large multi-processor running Microsoft Windows 2000.

After installing SQL Server 2000, the installation process automatically creates a Logon account for "BUILTIN \ Administrators", which is a member of the "sysadmin" role. The "BUILTIN \ Administrators" Logon account represents the local system administrator group on Microsoft Window2000. The "Administrator" account of Windows 2000 is a member of the local system Administrator group.

In addition, if your server is a Domain member, the "Domain Admins" Global Group will also become a member of the local system administrator group. This means that all members in the Local Group of the system administrator will automatically obtain the "sysadmin" permission on SQL Server.

To enhance the security of your SQL Server, you can create your own group and grant it the "sysadmin" permission, and then delete the "BUILTIN \ Administrators" Logon account, or at least delete it from the "sysadmin" server role. Using this method, you can better control who can access your SQL Server. This method also disconnects the SQL Server System Administrator and Windows 2000 administrator because they usually have different tasks and need different permissions. To enhance security, you may want to configure SQL Server to support Windows authentication only. However, you must remember that this configuration will disable your "sa" account.

If you implement this security measure in an incorrect order, you cannot log on to SQL Server as "sysadmin, unless you modify the registry key value as described above. The correct sequence is: Create a Windows 2000 or Windows NT user group and assign members to the group. For example, create a group called "SQLAdmins.

Map "SQLAdmins" to an account in SQL Server that authenticates and logs on using Windows authentication, and assign the account to the "sysadmin" Server role.

Delete the "BUILTIN \ Administrators" Logon account or remove it from the "sysadmin" server role.

Change the Authentication Mode of SQL Server to "Windows authentication only ".

Restart SQL Server to reflect changes in Authentication mode.

Note: If you follow these steps in this wrong order: Delete the "BUILTIN \ Administrators" Logon account and change the SQL Server Authentication Mode to "Windows authentication only ", then restart SQL Server. Then, the "sa" account will be disabled and cannot enter SQL Server because other Windows Authentication logon accounts are not defined. To avoid this, implement these security measures in the correct order.