Check | Description |
---|---|
| A strong sa password is used (for all accounts). |
| SQL Server guest user accounts are removed. |
| BUILTIN\Administrators server login is removed. |
| Permissions are not granted for the public role. |
| Members of sysadmin fixed server role are limited (ideally, no more than two users). |
| Restricted database permissions are granted. Use of built-in roles, such as db_datareader and db_datawriter, is avoided because they provide limited authorization granularity. |
| Default permissions that are applied to SQL Server objects are not altered. |
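
The following T-SQL audit is an added example, not part of the original checklist. It reports the current state of several items above so they can be reviewed. It assumes SQL Server 2005 or later (catalog views) and a login allowed to read `sys.sql_logins` password hashes; run the database-scoped queries in each database you want to check.

```sql
-- Added audit example: each query returns the rows a reviewer should look at.

-- sa and other SQL logins: blank password or password policy not enforced.
SELECT name, is_disabled, is_policy_checked,
       CASE WHEN PWDCOMPARE(N'', password_hash) = 1 THEN 1 ELSE 0 END AS blank_password
FROM sys.sql_logins
WHERE PWDCOMPARE(N'', password_hash) = 1 OR is_policy_checked = 0;

-- BUILTIN\Administrators server login: any row means it still exists.
SELECT name, type_desc, is_disabled
FROM sys.server_principals
WHERE name = N'BUILTIN\Administrators';

-- Members of the sysadmin fixed server role (the checklist suggests at most two).
SELECT m.name AS login_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin';

-- guest in the current database: on SQL Server 2005+ guest cannot be dropped,
-- so "removed" means CONNECT is revoked. Any row means guest can still connect.
SELECT DB_NAME() AS database_name, dp.state_desc, dp.permission_name
FROM sys.database_permissions AS dp
JOIN sys.database_principals AS p ON p.principal_id = dp.grantee_principal_id
WHERE p.name = N'guest' AND dp.permission_name = N'CONNECT'
  AND dp.state IN ('G', 'W');

-- Permissions granted to public on user objects in the current database.
SELECT OBJECT_SCHEMA_NAME(o.object_id) AS schema_name, o.name AS object_name,
       dp.permission_name, dp.state_desc
FROM sys.database_permissions AS dp
JOIN sys.database_principals AS p ON p.principal_id = dp.grantee_principal_id
JOIN sys.objects AS o ON o.object_id = dp.major_id
WHERE p.name = N'public' AND dp.class = 1 AND o.is_ms_shipped = 0
  AND dp.state IN ('G', 'W');

-- Members of the coarse built-in roles the checklist says to avoid.
SELECT r.name AS role_name, m.name AS member_name, m.type_desc
FROM sys.database_role_members AS rm
JOIN sys.database_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name IN (N'db_datareader', N'db_datawriter');
```

An empty result set for a query means that checklist item passed for the scope queried; the sysadmin query always returns rows and needs a manual count.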