Prevent Local Admin Account From Deletions

I have a question I'm hoping someone can help me with. I'm running SQL Serve
r
2000 and I'm logging into QA with Windows Authentication; in Enterprise
Manager I marked the EXEC PERMISSION for deny on a Stored Procedure for the
username that I logging in QA with. However, I'm still able to execute the
Stored Procedure. Even when I mark the same permission for the public role
I'm still able to execute the stored procedure. Is it because I'm the local
administrator for the box? I'm trying to generate an error 229 but I'm not
having any success. What am I doing wrong? I'm doing this because I'm testin
g
an app that allows a user to log in with a Windows Auth account accessing a
Sql Server database and I'm trying to test a delete function that uses the
stored procedure on the Windows account. Any suggestions?
--
TC

Probably because the local administrators group is added as a login to SQL S
erver with the sysadmin
server role. SQL Server doesn't check any permissions for sysadmins, so deny
 doesn't apply. You can
change the sysadmin role for this login, if you wish.

--
Tibor Karaszi, SQL Server MVP
http://www.karaszi.com/sqlserver/default.asp
http://www. solidqualitylearning
.com/
Blog: http:// solidqualitylearning
.com/blogs/tibor/


"Terrance" < Terrance@discussions
.microsoft.com> wrote in message
news:159AF1C2-A175-4F6A-84C4- 6C9C41992AD1@microso
ft.com...
>I have a question I'm hoping someone can help me with. I'm running SQL Serv
er
> 2000 and I'm logging into QA with Windows Authentication; in Enterprise
> Manager I marked the EXEC PERMISSION for deny on a Stored Procedure for th
e
> username that I logging in QA with. However, I'm still able to execute the
> Stored Procedure. Even when I mark the same permission for the public role
> I'm still able to execute the stored procedure. Is it because I'm the loca
l
> administrator for the box? I'm trying to generate an error 229 but I'm not
> having any success. What am I doing wrong? I'm doing this because I'm test
ing
> an app that allows a user to log in with a Windows Auth account accessing 
a
> Sql Server database and I'm trying to test a delete function that uses the
> stored procedure on the Windows account. Any suggestions?
> --
> TC

Thanks, for the help.
--
TC


"Terrance" wrote:

> I have a question I'm hoping someone can help me with. I'm running SQL Ser
ver
> 2000 and I'm logging into QA with Windows Authentication; in Enterprise
> Manager I marked the EXEC PERMISSION for deny on a Stored Procedure for th
e
> username that I logging in QA with. However, I'm still able to execute the
> Stored Procedure. Even when I mark the same permission for the public role
> I'm still able to execute the stored procedure. Is it because I'm the loca
l
> administrator for the box? I'm trying to generate an error 229 but I'm not
> having any success. What am I doing wrong? I'm doing this because I'm test
ing
> an app that allows a user to log in with a Windows Auth account accessing 
a
> Sql Server database and I'm trying to test a delete function that uses the
> stored procedure on the Windows account. Any suggestions?
> --
> TC