Members of the Sysadmin Role

Issue

The members of the Sysadmin role should be kept to a minimum because this role gives system administrator rights to all its members.

Solution

Review the members of the Sysadmin role. Ensure that each of these members should have system administrator rights to the computer running Microsoft® SQL Server™.

Important: If you are running Small Business Server (SBS) 2000 or Windows Small Business Server 2003 Premium Edition, you will need at least one local Administrator account in the Sysadmin role to use SQL Server Enterprise Manager on the server.

Instructions

To review the Sysadmin members

1. Click Start, point to Programs, point to Microsoft SQL Server, and then click Enterprise Manager.
2. In SQL Server Enterprise Manager, double-click SQL Server Group, and then double-click the SQL Server that you want to secure.
3. Click the Security folder, click Server Roles, and then double-click the System Administrators role in the right pane.

If you do not want to use Enterprise Manager, or do not have access to the tool as in the case of MSDE, to review the Sysadmin members, the following steps can be performed:

1. Open a command prompt window.
2. Use the osql utility to connect to the SQL instance using a valid login.
3. Issue the following command to obtain the list of sysadmin role members:

   a. sp_helpsrvrolemember 'sysadmin'
   b. go
    

Additional Information

SQL Server 7.0 Security

Microsoft SQL Server 2000 Security

©2002-2004 Microsoft Corporation. All rights reserved.