Blitz Result: Sysadmins List
Don’t think of these security accounts as sysadmins.
Think of them as users who can get you fired.
Anyone in the sysadmin role can perform any task whatsoever, including covering their tracks.
This part of our SQL Server sp_Blitz script lists all of the users in the sysadmin role. If any of these names don’t seem familiar to you, you might have a problem.
To Fix the Problem
Look critically at all your sysadmin accounts. Think about the Principle of Least Privilege and follow the steps below.
Take a Hard Look at Your Sysadmins
Whenever possible, remove these users from this role and give them reduced permissions, unless they absolutely need sysadmin rights.
- Copy the list of logins with sysadmin rights
- Verify with business owners that the logins should have those rights
- Remove or reduce permissions for any login that doesn’t need this right. For applications, be careful and test this before you make the change.
- If any of these logins use SQL Server Authentication, verify that passwords are being rotated regularly. Consider changing to Windows authentication.
Keep in mind that developers may be using the SA role in order to perform the TRUNCATE TABLE command. In the old days (SQL 2000), we used the SA role so that developers could write code that truncated tables they didn’t own.
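An inventory query for the review steps above, as an added example (not part of sp_Blitz or the original page). It assumes SQL Server 2012 or later for ALTER SERVER ROLE; ExampleAppLogin, ExampleDevUser and dbo.ExampleStaging are hypothetical names.

```sql
-- Step 1: list every member of the sysadmin role, with the details
-- needed to review it (login type, disabled flag, password hygiene).
SELECT
    p.name                   AS login_name,
    p.type_desc              AS login_type,   -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP
    p.is_disabled,
    p.create_date,
    sl.is_policy_checked,                     -- NULL for Windows principals
    sl.is_expiration_checked,                 -- 0 = password never expires
    CAST(LOGINPROPERTY(p.name, 'PasswordLastSetTime') AS datetime)
                             AS password_last_set,
    DATEDIFF(DAY,
             CAST(LOGINPROPERTY(p.name, 'PasswordLastSetTime') AS datetime),
             GETDATE())      AS password_age_days
FROM sys.server_role_members AS rm
JOIN sys.server_principals   AS r  ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals   AS p  ON p.principal_id = rm.member_principal_id
LEFT JOIN sys.sql_logins     AS sl ON sl.principal_id = p.principal_id
WHERE r.name = N'sysadmin'
ORDER BY p.type_desc, p.name;

-- A WINDOWS_GROUP row grants sysadmin to everyone in that group, so the
-- group membership has to be reviewed as well as the login itself.

-- Steps 2-3: after the business owner confirms a login does not need
-- sysadmin, and after testing the application, remove it from the role.
-- (Left commented out on purpose; ExampleAppLogin is a hypothetical name.)
-- ALTER SERVER ROLE [sysadmin] DROP MEMBER [ExampleAppLogin];

-- Reduced permission for the TRUNCATE TABLE case: TRUNCATE TABLE needs
-- ALTER on the table, not sysadmin. Run in the database that owns the table.
-- (ExampleDevUser and dbo.ExampleStaging are hypothetical names.)
-- GRANT ALTER ON OBJECT::dbo.ExampleStaging TO [ExampleDevUser];
```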