It may be time to trip the alarm on your sysadmins.

Blitz Result: Sysadmins List

Don’t think of these security accounts as sysadmins.

Think of them as users who can get you fired.

Anyone in the sysadmin role can perform any task whatsoever, including covering their tracks.

This part of our SQL Server sp_Blitz script lists all of the users in the sysadmin role.  If any of these names don’t seem familiar to you, you might have a problem.

To Fix the Problem

Look critically at all your sysadmin accounts. Think about the Principle of Least Privilege and follow the steps below.

Take a Hard Look at Your Sysadmins.

Whenever possible, these users should be removed from this role and given reduced permissions if they don’t absolutely need sysadmin rights.

  • Copy the list of logins with sysadmin rights
  • Verify with business owners that the logins should have those rights
  • Remove or reduce permissions for any login that doesn’t need this right. For applications, be careful and test this before you make the change.
  • If any of these logins use SQL Server Authentication, verify that passwords are being rotated regularly. Consider changing to Windows authentication.

Keep in mind that developers may be using the SA role in order to perform the TRUNCATE TABLE command.  In the old days (SQL 2000), we used the SA role so that developers could write code that truncated tables they didn’t own.