Can users who are part of Windows Administrators group inherit SA priveleges on SQL Server that is installed on Windows box
preguntado el 10 de septiembre de 13 a las 00:09
If you want to grant SA privileges to all local administrators, just create a sql login for the local administrator group and add it to the sysadmin server role.
If you do not want SA access, make sure that login is not part of the sysadmin server role.
However, a local administrator can impersonate other local windows accounts like the
NT AUTHORITY\SYSTEM account. That one always has SA access to any local SQL Server instance when using integrated security. That means you cannot really prevent a local admin from getting sysadmin access.
For details on gaining SA access to a SQL 2008R2 instance as a local admin, checkout this link: http://www.mssqltips.com/sqlservertip/2682/recover-access-to-a-sql-server-instance/