I have a question regarding login modes in sql server.
I know that there is: Windows authentication and SQL + Win
authentication mode
but I don't understand how come there isn't such a third auth mode:
SQL auth only.
Are there any good reasons for this?

Is there a way to protect the databases in such a way that only the
users who have access to the server can get in and not the people who
have admin rights on the computer.
I know this is a bit strange but it can happen :)

One other thing... Let's say a user doesn't have admin rights to the
computer and doesn't have access to the server. Is it possible that he
could copy the database files to his computer at home and access the
database there? Can a computer admin do this?

Thanks,

The first thing i want to say is what i am about to explain to you can cause
serious problems in some cases. Also if you do not trust an user which has
admin rights to the computer or domain then he shouldn't have it on the
first place.

[quoted text, click to view]

By design the builtin\administrator group gets added as part of the sysadmin
role.

But Remember Denied override granted access, what i have done is create a db
role and attach those admins out there to that role, the role pretty much
just denies access to everything.

[quoted text, click to view]

Yes an user could do that if knows how to \\sqlservname\driveletter$ you
could disable this share but other problems may happen then;the best think
you could do is open the directoy where the DB files are located and add
those admins with denied access to the ACL.

Like i said if you do not trust them do not give them admin rights. Security
is painfull if set-up wrong, it is better to create groups and grant access
to resourses to those groups as needed then attach users to those groups.

Yovan

[quoted text, click to view]