MS SQL Server – Disallow BUILTIN\Administrators


It appears that SUSER_SID(‘BUILTIN\Administrators’) does not always work reliably.
The code below disallows BUILTIN\Administrators from being able to connect to MS SQL Server
without groups and accounts been granted explicit logins\accounts.



if (
            (SUSER_SID('BUILTIN\Administrators') is not null)
        and ( exists( select name from master.dbo.syslogins where name = 'BUILTIN\Administrators' ))	
    print 'Dropping Login [BUILTIN\Administrators]...'	

        drop login [BUILTIN\Administrators];
    print 'Dropped Login [BUILTIN\Administrators]'


  1. SQL Server 2008 does not picked up dropped users

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s