Unfortunately we have to leave it in mixed mode, as the application we're
going to install only works with SQL Authentication.... sigh..... Another
reason for trying to get rid of the SA account, is that some programmers
think that the solution for any permission problems is to use SA.. so I'd
like to get rid of it to remove the temptation. I think I'll just change the
password and 'forget it'....:)
> Do you use SQL authentication for anything, if not then
> you can change the server to Windows only. However,
> regardless of this make sure the sa login has a very strong
> password and lock it away. The trouble is that anyone
> who is a sysadmin can change the sa password without
> knowing what it currently is so it won't do a hell of a lot of
> good. As you have discovered, you can't remove the sa login
> or remove it from the sysadmin role.
> Jasper Smith (SQL Server MVP)
> I support PASS - the definitive, global
> community for SQL Server professionals -
> > We've set up each of our programmers with their own Active Directory
> > SQLAdmin account, made them members of the SQL Server Admin group in AD.
> > AD group has been added to the SQL server login IDs, and been given the
> > system administrator role.
> > What I'd like to do now is to basically turn the SA account into a
> > account, with as few rights as possible (actually, I'd like to delete
> > but you can't do that)... What's the best way to go about this...? Any
> > suggestions and pointers are gratefully accepted.
> > Graham