It appears that SUSER_SID(‘BUILTIN\Administrators’) does not always work reliably.
The code below disallows BUILTIN\Administrators from being able to connect to MS SQL Server
without groups and accounts been granted explicit logins\accounts.
if ( (SUSER_SID('BUILTIN\Administrators') is not null) and ( exists( select name from master.dbo.syslogins where name = 'BUILTIN\Administrators' )) ) begin print 'Dropping Login [BUILTIN\Administrators]...' drop login [BUILTIN\Administrators]; print 'Dropped Login [BUILTIN\Administrators]' end go
- SQL Server 2008 does not picked up dropped users