Check | Description |
---|---|
| SQL Server is running using a least-privileged local account (or optionally , a least-privileged domain account if network services are required). |
| Unused accounts are removed from Windows and SQL Server. |
| The Windows guest account is disabled. |
| The administrator account is renamed and has a strong password. |
| Strong password policy is enforced. |
| Remote logons are restricted. |
| Null sessions (anonymous logons) are restricted. |
| Approval is required for account delegation. |
| Shared accounts are not used. |
| Membership of the local administrators group is restricted ( ideally , no more than two administration accounts). |